From fenner@fenestro.attlabs.att.com Sun Sep 9 12:07:22 2001
Return-Path:
Received: from fenestro.attlabs.att.com (mpfg.attlabs.net [12.106.35.2])
	by hub.freebsd.org (Postfix) with ESMTP id A0AD637B403
	for ; Sun, 9 Sep 2001 12:07:21 -0700 (PDT)
Received: (from fenner@localhost)
	by fenestro.attlabs.att.com (8.11.6/8.11.6) id f89IqTE06685;
	Sun, 9 Sep 2001 11:52:29 -0700 (PDT)
	(envelope-from fenner)
Message-Id: <200109091852.f89IqTE06685@fenestro.attlabs.att.com>
Date: Sun, 9 Sep 2001 11:52:29 -0700 (PDT)
From: Bill Fenner
Reply-To: Bill Fenner
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: ssh gives useless errors when it can't get randomness
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number: 30462
>Category: bin
>Synopsis: ssh gives useless errors when it can't get randomness
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: green
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Sep 09 12:10:00 PDT 2001
>Closed-Date: Sat Oct 26 17:15:50 PDT 2002
>Last-Modified: Sat Oct 26 17:15:50 PDT 2002
>Originator: Bill Fenner
>Release: FreeBSD 4.4-RC i386
>Organization:
AT&T Labs - Research
>Environment:
System: FreeBSD fenestro.attlabs.att.com 4.4-RC FreeBSD 4.4-RC #10: Sat Sep 8 21:44:45 PDT 2001 root@fenestro.attlabs.att.com:/usr/obj/usr/src/sys/FENESTRO i386

Updated from 4.3-RELEASE on September 8 via cvsup; cvs update; make world;
make kernel; power failure; mergemaster; reboot.

>Description:

I updated to 4.4-RC via source; somehow (possibly mergemaster's run of
MAKEDEV; presumably the subject of another PR) all of my standard devices
became mode 600 or worse, so e.g. /dev/random was not accessible to normal
users. ssh started printing bogus error messages, e.g. when trying sshv1:

	fenestro% ssh -o"Protocol 1" mango
	ssh: no RSA support in libssl and libcrypto. See ssl(8).
	Disabling protocol version 1
	ssh: No protocol version available.

This is a pretty misleading error, and it made me spend quite some time
investigating how I could have failed to include RSA support. The error
for protocol version 2 is even worse:

	fenestro% ssh -o"Protocol 2" mango
	DH_generate_key

A masterpiece of conciseness, while relaying no actual information.

>How-To-Repeat:

	chmod 600 /dev/*random
	ssh -o"Protocol 1" somewhere
	ssh -o"Protocol 2" somewhere

>Fix:

Check for this possibly-common problem (two separate people in #bsdcode
showed up at the same time with this problem, either that's amazing
synchronicity or it's an easy problem to have) in another way and report
the inability to get randomness.

>Release-Note:
>Audit-Trail:

Responsible-Changed-From-To: freebsd-bugs->green
Responsible-Changed-By: kris
Responsible-Changed-When: Sun Sep 9 16:45:06 PDT 2001
Responsible-Changed-Why:
Over to green. IMO, it's high time this was fixed.

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=30462

State-Changed-From-To: open->closed
State-Changed-By: fenner
State-Changed-When: Sat Oct 26 17:14:36 PDT 2002
State-Changed-Why:
Fixed in OpenSSH 3.4p1.

http://www.freebsd.org/cgi/query-pr.cgi?pr=30462
>Unformatted:
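
Added example, not part of the PR and not OpenSSH code: one way a program can probe its random device before any key operation and report the real cause (missing node, permission denied, wrong file type, short read) instead of a downstream crypto error. The function name, the status names and the use of /dev/urandom in main() are assumptions made for this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Status names are hypothetical, chosen for this example. */
enum rnd_status { RND_OK, RND_MISSING, RND_DENIED, RND_NOT_DEVICE, RND_SHORT_READ, RND_IO_ERROR };

/* Read len seed bytes from path; on failure msg names the path and the cause. */
enum rnd_status seed_from_device(const char *path, unsigned char *buf, size_t len,
                                 char *msg, size_t msglen)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK);  /* O_NONBLOCK: never hang on a FIFO */

    if (fd == -1) {
        int e = errno;
        snprintf(msg, msglen, "cannot open %s: %s", path, strerror(e));
        return e == ENOENT ? RND_MISSING : e == EACCES ? RND_DENIED : RND_IO_ERROR;
    }
    if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
        snprintf(msg, msglen, "%s is not a character device", path);
        close(fd);
        return RND_NOT_DEVICE;
    }
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n == -1 && errno == EINTR) continue;
        snprintf(msg, msglen, "%s gave %zu of %zu bytes (%s)", path, got, len,
                 n == 0 ? "end of file" : strerror(errno));
        close(fd);
        return n == 0 ? RND_SHORT_READ : RND_IO_ERROR;
    }
    close(fd);
    snprintf(msg, msglen, "read %zu bytes from %s", got, path);
    return RND_OK;
}

int main(void)
{
    unsigned char seed[32];
    char msg[256];
    int bad = seed_from_device("/dev/urandom", seed, sizeof seed, msg, sizeof msg) != RND_OK;
    fprintf(stderr, "%s%s\n", bad ? "no randomness available: " : "", msg);
    return bad;
}
```

With the device at mode 600 as in How-To-Repeat, an unprivileged caller gets RND_DENIED and a message naming the device and "Permission denied".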