ssh-1.2.33 and qnx4: problems. (+)

Here is the exempt from a /var/log/syslog:

Mar 14 20:11:36 coder syslogd: restart
(this is ssh-1.2.26 running)
Mar 14 20:11:36 node<<1>> sshd[72]: log: Server listening on port 22.
Mar 14 20:11:36 node<<1>> sshd[72]: log: Generating 768 bit RSA key.
Mar 14 20:11:39 node<<1>> sshd[72]: log: RSA key generation complete.
Mar 14 20:47:26 node<<1>> sshd[18162]: log: Connection from 127.0.0.1 port 1025
Mar 14 20:47:43 node<<1>> sshd[18162]: log: RSA authentication for root accepted.
Mar 14 20:47:43 node<<1>> sshd[18162]: log: ROOT LOGIN as ‘root’ from localhost
Mar 14 20:47:44 node<<1>> sshd[18303]: error: Failed to disconnect from controlling tty.
Mar 14 20:47:58 node<<1>> sshd[18162]: fatal: Local: Command terminated on signal 1.
Mar 14 20:53:14 coder syslogd: restart

(this is ssh-1.2.27 running)
Mar 14 20:53:15 node<<1>> sshd[72]: log: Server listening on port 22.
Mar 14 20:53:15 node<<1>> sshd[72]: log: Generating 768 bit RSA key.
Mar 14 20:53:17 node<<1>> sshd[72]: log: RSA key generation complete.
Mar 14 21:16:50 node<<1>> sshd[11763]: log: Connection from 127.0.0.1 port 1025
Mar 14 21:16:57 node<<1>> sshd[11763]: log: RSA authentication for root accepted.
Mar 14 21:16:57 node<<1>> sshd[11763]: log: ROOT LOGIN as ‘root’ from localhost
Mar 14 21:16:57 node<<1>> sshd[11871]: error: Failed to disconnect from controlling tty.
Mar 14 21:17:09 node<<1>> sshd[11763]: fatal: Local: Command terminated on signal 1.
Mar 14 21:19:04 coder syslogd: restart

(this is ssh-1.2.33 running)
Mar 14 21:19:04 node<<1>> sshd[72]: log: Server listening on port 22.
Mar 14 21:19:04 node<<1>> sshd[72]: log: Generating 768 bit RSA key.
Mar 14 21:19:11 node<<1>> sshd[72]: log: RSA key generation complete.
Mar 14 21:19:29 node<<1>> sshd[269]: log: Connection from 127.0.0.1 port 1025
Mar 14 21:19:37 node<<1>> sshd[269]: log: RSA authentication for root accepted.
Mar 14 21:19:37 node<<1>> sshd[269]: log: ROOT LOGIN as ‘root’ from localhost
Mar 14 21:19:37 node<<1>> sshd[333]: error: Failed to disconnect from controlling tty.
Mar 14 21:20:19 node<<1>> sshd[269]: fatal: Connection closed by remote host.

The first two sessions are terminated when I logout from the shell.
The third one does not terminate that way, I have to kill the remote
copy of ssh.
I was told this is a known “logout hang” bug.
It was patched in OpenSHH, but I cannot figure out how to cure
ssh-1.2.33 with it.
One can see that it is forked copy of sshd process what is not able to disconnect from controlling tty at the very beginning of the ssh session.

Next is a strange thing too, it happens with all the versions of
ssh-1.2.26|27|33 I tryed:
//1/home/admin $ ssh localhost who
Enter passphrase for RSA key ‘admin@coder’:
I enter the passphrase
Bad line in /etc/default/login: TZ
Bad line in /etc/default/login: TERM
Bad line in /etc/default/login: BAUD
Bad line in /etc/default/login: DISPLAY
Bad line in /etc/default/login: PHOTON
Bad line in /etc/default/login: SYSNAME
Userid Device Login Idle Command
admin //1/dev/con2 Mar 15 14:30 0:00:00 ssh
System //0 Mar 15 14:32 —:–:-- ksh

I expect to see two “admins” logged in - one on /dev/con2 and another on /dev/ttyp0 , right? Or, running a command on the remote host via ssh is not the same as logging in there? What I see in the above example means that I’m executing a command with the System i.e. root privileges, doesn’t it?

(After some more experiments)
No, this System is not the same as root - I logged as “admin” locally and tryed to scopy /etc/shadow - the access was denied! That’s good.

More experiments:
//1/home/admin $ scp localhost:/home/admin/.lastlogin localhost:/tmp
Enter passphrase for RSA key ‘admin@coder’:
I enter the passphrase
Bad line in /etc/default/login: TZ
Bad line in /etc/default/login: TERM
Bad line in /etc/default/login: BAUD
Bad line in /etc/default/login: DISPLAY
Bad line in /etc/default/login: PHOTON
Bad line in /etc/default/login: SYSNAME
You have no controlling tty and no DISPLAY. Cannot read passphrase.
lost connection

I enter the correct passphrase once and then I get the above result.

Please give a hint!
Thank you.

Still trying to solve the “logout hang” bug…

The OpenSSH patch for this was:
diff -ur openssh-3.0.2p1/clientloop.c openssh-3.0.2p1J2/clientloop.c
— openssh-3.0.2p1/clientloop.cSun Nov 11 17:06:33 2001
+++ openssh-3.0.2p1J2/clientloop.cSat Jan 19 15:55:44 2002
@@ -445,9 +445,12 @@
len = read(connection_in, buf, sizeof(buf));
if (len == 0) {
/* Received EOF. The remote host has closed the connection. /
+/
This message duplicates the one already in client_loop(). */
+#if 0
snprintf(buf, sizeof buf, “Connection to %.300s closed by remote host.\r\n”,
host);
buffer_append(&stderr_buffer, buf, strlen(buf));
+#endif
quit_pending = 1;
return;
}
diff -ur openssh-3.0.2p1/session.c openssh-3.0.2p1J2/session.c
— openssh-3.0.2p1/session.cSat Dec 1 16:37:08 2001
+++ openssh-3.0.2p1J2/session.cSat Jan 19 15:56:32 2002
@@ -1929,6 +1929,8 @@
*/
if (c->ostate != CHAN_OUTPUT_CLOSED)
chan_write_failed(c);
+if (s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN)
+chan_read_failed(c);
s->chanid = -1;
}

In ssh-1.2.33 we do have clientloop.c, and there is something similar to the pattern in that part of the patch, actually it is a bit different:
len = read(connection_in, buf, sizeof(buf));
if (len == 0) {
/* Received EOF. The remote host has closed the connection. */
snprintf(buf, sizeof buf, “Connection to %.300s closed by remote host.\r\n”,
host);
buffer_append(&stderr_buffer, buf, strlen(buf));
stderr_bytes += strlen(buf);
quit_pending = 1;
return;
}

So, the patched clientloop.c may look like this:
len = read(connection_in, buf, sizeof(buf));
if (len == 0) {
/* Received EOF. The remote host has closed the connection. /
[b]/
This message … and so on… */
#if 0[/b]
snprintf(buf, sizeof buf, “Connection to %.300s closed by remote host.\r\n”,
host);
buffer_append(&stderr_buffer, buf, strlen(buf));
stderr_bytes += strlen(buf);
#endif
quit_pending = 1;
return;
}

Where in ssh-1.2.33 should I search for what is session.c in OpenSSH?
Is it newchannels.c?

Looks like you care about security :slight_smile: but I don’t understand why you keep trying the old ssh-1.2.x which only supports the old/not-very-secure SSH1 protocol.
Everybody else is now using either the free openssh or the commercial ssh 3.x, both of which support SSH 2 procotols. BTW, both openssh and ssh 3.x were ported to QNX 4 in the past by various people. Depending on how much money you want to spend, you could either choose openssh or commercial ssh 3.x.

Now, back to your /etc/default/login problem. QNX 4’s /etc/default/login is NOT compatible with other Unix’s. I would suggest you rename /etc/default/login to something else before you run ssh-1.2.x ./configure. This way, configure won’t find /etc/default/login and config ssh NOT to use /etc/default/login. Once you are done with configuring/compiling ssh, you can rename the default login file back.

Yes, I’m a bit paranoid about this. :slight_smile:
Reading the advisory regarding ssh v1.x I’m certain that it is still secure enough for my environment.
If I could find a ssh 3.x “commercial” port to qnx4 - I’d be happy obtaining it. Either I could not find a OpenSSH (current) ported too.
Please give a clue.
(Also, I could not install gcc properly - I’d like to stay with Watcom tools. D. J. HAWKEY JR. provided us lamers with the excellent how-to. I’m not sure if could use gcc-based port at all.)

Thank you for the advise on /etc/default/login bug, I’ll try this way now.

BTW If I type ~. as advised here - the session closes normally.

OK, renaming /etc/default/login before running the configure helped to get rid of …Bad line in /etc/default/login… errors.

Still cannot fix logout hang bug.
Executing a command via ssh does not happen under
anyone’s account - it is still System //0

Help me, please!

Sounds like your “port” has more issues :frowning:
You probably don’t even have a controlling tty after you ssh in. You can confirm this by running “passwd” to change password, or “su” to become super user. Both commands require a controlling tty, they would fail if you don’t have one.

:slight_smile:
But there is hope.
I’ve found that ssh-1.2.26 behaves a bit differently:

  • when I run ssh localhost who, I get …Bad line in /etc/default/login… and
    Userid device Login Idle Command
    root //1
    ksh

    Though this is not ideal - it is better than ssh1.2.27 and ssh-1.2.33

I’m investigating what has changed in 1.2.27 and 1.2.33 regarding the tty management.

Have you tried “passwd” or “su” command?

When I do ssh localhost su root as admin, I get:
Enter passphrase for RSA key ‘admin@coder’:I enter the passphrase
password:su: Sorry

Just as you expect.

But when I’m logged in via ssh - I’m able to do what I want. All the environment is set correctly.

If I execute a script like this one:
#!/bin/sh
echo dir is: $dir

it echoes an empty variable:
dir is:
that’s it.
The same script being run from console returns dir is: //1/home/admin as expected.

Studying diff between tty.c in the distribution of ssh-1.2.26 and the J.C.Michot’s port shows a very little hacking in the code, while the same tty.c in ssh-1.2.27 ported by D.J.Hawkey has much heavyer hacking in it.

I’m still trying to understand the changes made.

Any help appreciated!

The syslog message “Failed to disconnect from controlling tty” actually comes from the process who’s pid corresponds to the ksh in the sin list.
The session is underway, one can do his job in this copy of ksh

Still thinking on the nature of the “logout hang”…

If I forcebly allocate the tty when executing a command - “ssh -t localhost who” - ssh hangs as if I was logged in. It takes typing “~.” to get out.

If I try it this way - “ssh -t localhost who </dev/null >/dev/null 2>&1” - I get no output from the command but ssh logs out without any help.

So, the “logout hang” and “failing to disconnect from controlling tty” are somehow related.

Please comment.

Tony.

Yes, indeed, the “failure to disconnect from the controlling tty” is the cause of the logout hang.

When I do (as root) “ssh localhost su user” - I get the quite operational console (however it does not have “$” prompt) and I can type “logout” and it really logs me out.
If I do “ssh -t localhost su admin” - then problems are back - I cannot “logout” properly…

I wish I could fix this “failure to disconnect from controlling tty” issue!

Tony.

I did it!
:slight_smile:
I managed to cure the “logout hang” and “double lastlog messages”.
I plan to test ssh-1.2.33qfe for a while and then post it.

To get rid of the second “last login” message I did theese changes to /etc/profile:

[code]— /etc/profile.QSSL 2005-01-07 21:27:06.000000000 +0300
+++ /etc/profile 2005-01-07 21:20:36.000000000 +0300
@@ -10,7 +10,9 @@
echo -n >.lastlogin
else
test /etc/motd -nt .lastlogin && cat /etc/motd

  • test -s .lastlogin && echo $(<.lastlogin)
  • if [ $(tty | cut -f 5 -d/ | cut -c 1-3) = “con” ]; then
  • test -s .lastlogin && echo $(<.lastlogin)
    
  • fi
    echo “Last login: ${DATE=date +%c} on ${TTY=tty}” >.lastlogin
    echo $DATE
    fi[/code]
    Then you may compile both SSH-1 and SSH-2 with /usr/adm/lastlog support and see the hostname from which the last login occured, but that lousy message about /dev/tty…

Congratulation, you are persistant ;-)

:slight_smile:
I really love this port - when linked with the latest GMP and zlib it is fast.
Compared to SSH-2 it is ~4 times smaller…
If one needs to secure an embedded box - SSH-1 is still the way to go, I think.

J.C.Michot and D.J.Hawkey have done the great job porting it and making it compilable with Watcom C v10.6

Now, looking back - I see some hacks made by them are not needed actually, so I carefully examine every instance. Some of them are already undone and the thing works fine.
I wish OpenSSH people were trying to stay as portable as SSH.com developers performed!

The “enhanced” port of ssh-1.2.33 is here.
It’s readme…

I’ll keep it “current” as zlib or GMP advances…

I’ve noticed that no matter one puts a “no-pty” option on a key - it’s possible to get a shell via a ssh user@server /bin/sh command.
The shell lacks a prompt but works (without a controlling tty).
OpenSSH people assured me this is the same with other UNIXes too.
To avoid the issue one needs a “restricted shell”.

If anyone has ported this one - please contact me.

I wanna port OpenSSH-4.0p1, need help!

  1. IXANY isn’t in QNX4
  2. initgroups(), setgroups(), getspnam() isn’t in QNX4
  3. wrong dirent, what to do?

Now I only make ssh-rand-helper to work.

Oh! Yes! ssh client works without

  1. IXANY
  2. initgroups(), setgroups()
  3. int64, long long

thanks for help!

porting steps

  1. in configure replace --nto-qnx with --qnx
  2. in includes.h comment <sys/resource.h>
  3. in openbsd-compat/bsd-snprintf.c, compress.c, sftp_common.c, sftp_client.c replace long long with long
  4. in ttymodes.h, sshtty.c remove IXANY
  5. in sshd.c, session.c, uidswap.c remove initgroups(), setgroups() calls
  6. in rijndael.c in function rijndaelEncrypt(), rijndaelDecrypt() remove static declaration of array rk
  7. in scp.c comment wrong dirent structure member (d_ino)
  8. configure --disable-strip CFLAGS="-Dsnprintf=_bprintf -Dint64_t=int32_t -Du_int64_t=u_int32_t" LIBS="-lunix -llogin"
  9. in config.h undef HAS_SHADOW_EXPIRE
  10. make SHELL=bash
  11. make SHELL=bash tests
  12. make SHELL=bash install