From gnb@itga.com.au  Sun Jan 21 21:31:01 2001
Return-Path: <gnb@itga.com.au>
Received: from ns.itga.com.au (ns.itga.com.au [202.53.40.210])
	by hub.freebsd.org (Postfix) with ESMTP id 4137737B402
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 21 Jan 2001 21:30:59 -0800 (PST)
Received: from lightning.itga.com.au (lightning.itga.com.au [192.168.71.20])
	by ns.itga.com.au (8.9.3/8.9.3) with ESMTP id QAA01033
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 22 Jan 2001 16:30:46 +1100 (EST)
	(envelope-from gnb@itga.com.au)
Received: from hellcat.itga.com.au (hellcat.itga.com.au [192.168.71.163])
	by lightning.itga.com.au (8.9.3/8.9.3) with ESMTP id QAA08016;
	Mon, 22 Jan 2001 16:30:45 +1100 (EST)
Received: (from gnb@localhost)
	by hellcat.itga.com.au (8.11.1/8.9.3) id f0M5UjR92920;
	Mon, 22 Jan 2001 16:30:45 +1100 (EST)
	(envelope-from gnb@itga.com.au)
Message-Id: <200101220530.f0M5UjR92920@hellcat.itga.com.au>
Date: Mon, 22 Jan 2001 16:30:45 +1100 (EST)
From: gnb@itga.com.au
To: FreeBSD-gnats-submit@freebsd.org
Subject: ssh-agent exits when authenticating DSA via v1 Auth forwarding
X-Send-Pr-Version: 3.2

>Number:         24521
>Category:       bin
>Synopsis:       ssh-agent exits when authenticating DSA via v1 Auth forwarding
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 21 21:40:01 PST 2001
>Closed-Date:    Tue Aug 19 03:53:15 PDT 2003
>Last-Modified:  Tue Aug 19 03:53:15 PDT 2003
>Originator:     Gregory Bond
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
ITG Australia Limited
>Environment:

I'm running 4.2-Stable, with system-supplied OpenSSH:
	SSH Version OpenSSH_2.3.0, protocol versions 1.5/2.0.
	Compiled with SSL (0x0090600f).

Plus OpenSSH on Solaris:
	SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
	Compiled with SSL (0x0090581f).

[I need to use Solaris hosts for this demo as I don't have enough 4.2
boxes to use FreeBSD for each step!]

>Description:

I run my desktop with ssh-agent on FreeBSD 4.2.  The agent stores
an RSA key and a DSA key, as some of the hosts I need to connect to 
still only have SSH1 capability.  I use this to slogin to various machines
of various unix flavours without needing to type passwords.  Auth forwarding
is on for all these links.

If I slogin to a Solaris host running OpenSSH_2.2.0p1 in Protocol
V1 mode with auth forwarding enabled ("lightning" in this example,
set by my ssh_config), then from that machine attempt to slogin to
another machine running the same OpenSSH_2.2.0p1 version but using
the version 2 protocol ("slink" in this example), then my ssh-agent
exits.  The second slogin gets an error message:
	Authentication response too long: 1651861094

I ran truss on the ssh-agent and it appears to be deliberately exiting with
"exit(-1)", rather than coredumping, but no error messages are visible:

(null)()					 = 1 (0x1)
accept(0x3,0xbfbfef28,0xbfbfef24)		 = 0 (0x0)
fcntl(0x0,0x4,0x4)				 = 0 (0x0)
select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0)	 = 1 (0x1)
read(0x0,0xbfbfef94,0x400)			 = 5 (0x5)
select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0)	 = 1 (0x1)
write(0,0x8055000,9)				 = 9 (0x9)
select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0)	 = 1 (0x1)
accept(0x3,0xbfbfef28,0xbfbfef24)		 = 1 (0x1)
fcntl(0x1,0x4,0x4)				 = 0 (0x0)
select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0)	 = 1 (0x1)
read(0x1,0xbfbfef94,0x400)			 = 0 (0x0)
shutdown(0x1,0x2)				 = 0 (0x0)
close(1)					 = 0 (0x0)
select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0)	 = 1 (0x1)
accept(0x3,0xbfbfef28,0xbfbfef24)		 = 1 (0x1)
fcntl(0x1,0x4,0x4)				 = 0 (0x0)
select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0)	 = 1 (0x1)
read(0x1,0xbfbfef94,0x400)			 = 5 (0x5)
break(0x805c000)				 = 0 (0x0)
break(0x805d000)				 = 0 (0x0)
select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0)	 = 1 (0x1)
write(1,0x805a000,477)				 = 477 (0x1dd)
select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0)	 = 1 (0x1)
accept(0x3,0xbfbfef28,0xbfbfef24)		 = 2 (0x2)
fcntl(0x2,0x4,0x4)				 = 0 (0x0)
select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0)	 = 1 (0x1)
read(0x2,0xbfbfef94,0x400)			 = 954 (0x3ba)
write(2,0xbfbfe2ac,53)				 = 53 (0x35)
lstat("/tmp/ssh-ELr48725/agent.48725",0xbfbfed14) = 0 (0x0)
unlink(0x804f3a0)				 = 0 (0x0)
rmdir(0x804f7a0)				 = 0 (0x0)
sigprocmask(0x1,0x28060720,0xbfbfed54)		 = 0 (0x0)
sigprocmask(0x3,0x28060730,0x0)			 = 0 (0x0)
exit(0xff)					process exit, rval = 65280

>How-To-Repeat:

Script started on Mon Jan 22 16:17:02 2001
hellcat$ ssh-agent bash
hellcat$ ssh-add 
Need passphrase for /home/users/gnb/.ssh/identity
Enter passphrase for gnb@hellcat.itga.com.au: 
Identity added: /home/users/gnb/.ssh/identity (gnb@hellcat.itga.com.au)
hellcat$ ssh-add ~/.ssh/id_dsa
Need passphrase for /home/users/gnb/.ssh/id_dsa
Enter passphrase for /home/users/gnb/.ssh/id_dsa: 
Identity added: /home/users/gnb/.ssh/id_dsa (/home/users/gnb/.ssh/id_dsa)
hellcat$ ssh-add -l
1024 8b:fc:7b:f5:1d:c5:0b:5d:46:7d:e4:fb:7b:dc:cb:20 gnb@hellcat.itga.com.au
1024 89:b9:33:14:f8:bd:58:90:c6:bd:f8:3f:aa:e4:0e:71 /home/users/gnb/.ssh/id_dsa
hellcat$ slogin lightning
Last login: Mon Jan 22 16:17:25 2001 from hellcat.itga.co
Sun Microsystems Inc.   SunOS 5.6       Generic August 1997
lightning$ ssh-add -l
1024 8b:fc:7b:f5:1d:c5:0b:5d:46:7d:e4:fb:7b:dc:cb:20 gnb@hellcat.itga.com.au
1024 89:b9:33:14:f8:bd:58:90:c6:bd:f8:3f:aa:e4:0e:71 /home/users/gnb/.ssh/id_dsa
lightning$ slogin slink
Authentication response too long: 1651861094
lightning$ ssh-add -l
Error reading response length from authentication socket.
Broken Pipe
lightning$ logout
Connection to lightning.itga.com.au closed.
hellcat$ ssh-add -l
Could not open a connection to your authentication agent.
hellcat$ slogin lightning
Enter passphrase for RSA key 'gnb@hellcat.itga.com.au': 
Bad passphrase.
Permission denied.
hellcat$ exit
hellcat$ exit

Script done on Mon Jan 22 16:18:03 2001

>Fix:

	Don't attempt to do V2/DSA auth agent over a V1 link.

	I'm not expecting this to actually work, but it'd be very nice
	if the ssh-agent didn't die, forcing me to re-login all over again
	(or type passwords for the rest of the session).


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->green 
Responsible-Changed-By: kris 
Responsible-Changed-When: Wed Jan 24 18:57:47 PST 2001 
Responsible-Changed-Why:  
green is the openssh maintainer. 
Speaking as the ex-maintainer, I think you have more chance of getting this fixed by talking to the OpenSSH developers (www.openssh.com), but I won't speak for Brian. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=24521 

From: Gregory Bond <gnb@itga.com.au>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/24521: ssh-agent exits when authenticating DSA via v1 Auth forwarding
Date: Wed, 16 Jan 2002 09:57:06 +1100

 This PR can be closed.  AUTH forwarding for DSA and RSA keys now works 
 as expected (since the SSH 2.9 import, I think).
 
Responsible-Changed-From-To: green->des 
Responsible-Changed-By: green 
Responsible-Changed-When: Sat Jul 12 21:14:05 PDT 2003 
Responsible-Changed-Why:  
ssh over to DES 


From: des@des.no (Dag-Erling Smørgrav)
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/24521
Date: Mon, 14 Jul 2003 12:39:53 +0200

 Does this still occur with more recent versions of FreeBSD / OpenSSH?
 
 DES
 -- 
 Dag-Erling Smørgrav - des@des.no
State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Tue Aug 19 03:53:06 PDT 2003 
State-Changed-Why:  
Seems to have been fixed. 

>Unformatted:
