From curtis@workhorse.fictitious.org  Tue Mar  6 12:17:53 2001
Return-Path: <curtis@workhorse.fictitious.org>
Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.66.129.230])
	by hub.freebsd.org (Postfix) with ESMTP id BC10B37B719
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  6 Mar 2001 12:17:50 -0800 (PST)
	(envelope-from curtis@workhorse.fictitious.org)
Received: (from curtis@localhost)
	by workhorse.fictitious.org (8.9.3/8.9.3) id PAA39541;
	Tue, 6 Mar 2001 15:17:47 -0500 (EST)
	(envelope-from curtis)
Message-Id: <200103062017.PAA39541@workhorse.fictitious.org>
Date: Tue, 6 Mar 2001 15:17:47 -0500 (EST)
From: curtis@fictitious.org
Reply-To: curtis@fictitious.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: have sshd core dump if anyone is interested in it
X-Send-Pr-Version: 3.2

>Number:         25572
>Category:       bin
>Synopsis:       sshd core dump
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 06 12:20:01 PST 2001
>Closed-Date:    Tue Aug 19 03:51:17 PDT 2003
>Last-Modified:  Tue Aug 19 03:51:17 PDT 2003
>Originator:     Curtis Villamizar <curtis@fictitious.org>
>Release:        FreeBSD 4.2-20010303-STABLE (GENERIC) #0: Sat Mar  3 13:55:05 GMT 2001
>Organization:
  fictitious.org is just the DNS zone for my house.
>Environment:

This was on my laptop.  I installed 'FreeBSD 4.2-20010303-STABLE
(GENERIC) #0: Sat Mar 3 13:55:05 GMT 2001' with security setting
"high" and was about to start putting back the files that belong in
etc from another machine.  I had selected k5 and ssh in the install.

>Description:

I typed "slogin laptoy770-ether" without the "-l root" which would
have slogin attempt to login as a user who was not yet in the
/etc/master.passwd file.  At that point sshd dumped core.

This is not a big problem for me since I normally move a few public
keys over, disable PasswordAuthentication, and go with DSAAuthentication,
but maintainers of sshd might want to look at the core dump.

>How-To-Repeat:

This is just before I changed PermitRootLogin to yes.  The sshd_config
file contained:

# This is ssh server systemwide configuration file.
#
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.5 2001/01/18 22:36:53 green Exp $

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostDsaKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 120
KeyRegenerationInterval 3600
PermitRootLogin no
# ConnectionsPerPeriod has been deprecated completely

# After 10 unauthenticated connections, refuse 30% of the new ones, and
# refuse any more than 60 total.
MaxStartups 10:30:60
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords 
#SkeyAuthentication no
#KbdInteractiveAuthentication yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

CheckMail yes
#UseLogin no

# Uncomment if you want to enable sftp
#Subsystem      sftp    /usr/libexec/sftp-server

To reproduce the problem, attempt to slogin from an ordinary user
account where the uid does not exist on the machine being logged into.
Core file available on request.

>Fix:

	

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: phk 
Responsible-Changed-When: Wed Apr 4 00:38:57 PDT 2001 
Responsible-Changed-Why:  
over to bugs 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25572 
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: kris 
Responsible-Changed-When: Sat Jul 12 17:57:31 PDT 2003 
Responsible-Changed-Why:  
Assign to SSH maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25572 

From: des@des.no (Dag-Erling Smørgrav)
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/25572
Date: Mon, 14 Jul 2003 12:41:04 +0200

 Does this still occur with more recent versions of FreeBSD / OpenSSH?
 
 DES
 -- 
 Dag-Erling Smørgrav - des@des.no
State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Tue Aug 19 03:51:16 PDT 2003 
State-Changed-Why:  
Feedback timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25572 
>Unformatted:
