Greetings, Sami (and list)!
[Sami - if you aren't the right person for the code in this area please
forgive me: I'm mailing you as you mentioned in a previous message to
fixing a race condition on Solaris. In this case could you pass this
message on to the right person? Thanks ever so! -- PMB]
--On Wednesday, March 29, 2000 1:30 pm +0300 Sami Lehtinen <[EMAIL PROTECTED]>
wrote:
> Did you actually install the beta, and did not just run the executable
> from the distribution directory? I remember fixing one race-condition
> in ssh-signer2, which incurred in Solaris.
I honestly thought I had cracked the hostname-based authentication on our
sysstems. However I think I spoke a little too soon....
I had, if you remember one my recent postings, got 2.1.0beta running on two
test machines OK. I since downloaded ssh-secure-shell-2.1.0-noncommercial
and today have been trying to put that up.
It looks like there is still a race-condition lurking somewhere.
On our single-processor systems the ssh-2.1.0 server seems to work fine.
However on our 6-processor Solaris 2.6 box it doesn't. Typically the
server's process which is handling the connection attempt terminates
prematurely. (I include the final stages of a "-d 99" output at the end of
this message after my signature.) The client end then hangs, apparently
still waiting for data from the server.
The key clue is:
1) Start the sshd in "-d 99" mode.
2) Use "ps" to find the server's pid.
3) Use Solaris' "pbind" command to bind this processes (and any
children it creates) to a single processor:
pbind -b processornumber pid
4) Use ssh (client) to connect to the server.
All is then well.
Try again leaving the server process unbound (so it, and its children, can
use any of the processors) and it fails.
Start it again but bind it to a single-processor: it works.
So it looks like there is still a race-condition which primarily (only?)
shows up on a multi-processor system such as one of ours.
Looking at the output from the "-d 99" debug output (see below) I _suspect_
the server fires off a child (perhaps the ssh-signer2 program? not sure)
and then uninitialises/reinitialises various signal traps. On the
multi-processor box I guess the child process does its thing on another CPU
and terminates, generating a signal 18. The server spots this signal and
thinks the child has terminated so closes down, rather than handling it
(presumably with a handler not yet set up) and getting the data to pass
back to the connecting ssh client.
... Or something ...
(I *don't* profess to know anything about the innards of the ssh programs
but it could turn out to be something like this.)
Sami - if you agree and want me to try anything out I'm willing to try
testing any mods to the code you (or whoever looks after this area) can
suggest and will let you know whether they work. Feel free to get in touch
with me.
Cheers,
Mike B-)
--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811 FAX:+44-1904-433740
Web: http://www-users.york.ac.uk/~pmb1/
* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
===== TAIL END OF DEBUG OUTPUT FROM SSHD AT "-d 99" =====
Tail end of "sshd2 -d 99" output from the
"ssh-secure-shell-2.1.0-noncommercial" distribution. The necessary
"/etc/ssh2/knownhosts/ebor.york.ac.uk.ssh-dss.pub" file DOES exist and
contains the correct public key data.
If you look carefully you can see the "ebor#" prompt where the server has
exited and returned to the command prompt embedded in the last stages of
the output:
debug: Ssh2AuthHostBasedRhosts/auths-hostbased-rhosts.c:414: Accepted by
.rhosts.
debug: SshEventLoop/sshunixeloop.c:248: Got signal number: 18
debug: Ssh2AuthHostBasedServer/auths-hostbased.c:217: Trying to read client
host's pubkey from
'/usr/fsb/serv/pmb1/.ssh2/knownhosts/ebor.york.ac.uk.ssh-dss.pub'...
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 1.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 2.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 3.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 4.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 5.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 6.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 7.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 8.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 9.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 10.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 11.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 12.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 13.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 14.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 15.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 16.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 17.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 19.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 28.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 29.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 30.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 31.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 32.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 33.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 36.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 37.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 38.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 39.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 40.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 41.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 42.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 43.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 44.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 45.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 46.
debug: SshUnixUserFiles/sshunixuserfiles.c:200: file
/usr/fsb/serv/pmb1/.ssh2/knownhosts/ebor.york.ac.uk.ssh-dss.pub does not
exist.
debug: Ssh2AuthHostBasedServer/auths-hostbased.c:227: Error occurred while
reading in
'/usr/fsb/serv/pmb1/.ssh2/knownhosts/ebor.york.ac.uk.ssh-dss.pub' (perhaps
it doesn't exist?)
debug: Ssh2AuthHostBasedServer/auths-hostbased.c:217: Trying to read client
host's pubkey from '/etc/ssh2/knownhosts/ebor.york.ac.uk.ssh-dss.pub'...
debug: SshEventLoop/sshunixeloop.c:248: Got signal number: 18
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 1.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 2.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 3.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 4.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 5.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 6.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 7.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 8.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 9.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 10.
ebor# debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 11.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 12.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 13.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 14.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 15.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 16.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 17.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 19.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 28.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 29.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 30.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 31.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 32.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 33.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 36.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 37.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 38.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 39.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 40.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 41.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 42.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 43.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 44.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 45.
debug: SshEventLoop/sshunixeloop.c:461: Unregistered signal 46.
