Re: ssh going nuts!

To: Juan Cespedes <cespedes@debian.org>
Cc: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: ssh going nuts!
From: Peyman Gohari <gohari@control.toronto.edu>
Date: Sun, 12 Oct 1997 19:34:11 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.3.95.971012190841.16458B-100000@malkier.control.toronto.edu>
In-reply-to: <[🔎] Pine.LNX.3.96.971012190412.1102E-100000@gizmo.lander.es>

On Sun, 12 Oct 1997, Juan Cespedes wrote:

> On Tue, 30 Sep 1997, Peyman Gohari wrote:
> 
> > In our group we have a single Debian machine surrounded by a bunch of
> > Redhats:( We have secure shell installed on all, but it behaves  weird
> > on Redhats from time to time. The problem is that when you try to get a
> > remote shell using ssh, you may be denied access to the remote host and
> > get the message "you don't exist, go away!".
> 
> 	Hmmm... that message is shown only by the *client* when
> getpwuid(getuid()) fails, ie, when there is no entry for the current
> real UID in the passwd database.  Do you use NIS or something like
> that?  Could you tell us which versions of ssh and libc[56] are you
> using?
> 
> -- 
> Juan Cespedes
> 

As I told you this was a Redhat-specific problem and finally it got fixed
by applying the following patch. For your information, we're using NIS,
and the versions of ssh and libc on Redhats are 1.2.20-3 and
libc-5.3.12-18, respectively.  

Regards,
Peyman

****************************************************************************

To: ssh@clinet.fi
Date: 25 Jul 1997 13:39:23 GMT
From: Leif Johansson <leifj@wizkids.matematik.su.se>
Message-ID: <5raaab$rpi$1@news.datakom.su.se>
Organization: Department of Mathematics, Stockholm University
References:
<Pine.GSO.3.96.970704105833.26169k-100000@hawk.ind.tansu.com.au>, 
<Pine.A32.3.96.970718193854.36868B-100000@caesar.power.elte.hu>
Subject: Re: You don't exist
Sender: owner-ssh@clinet.fi
Precedence: bulk

Gergely Madarasz <gorgo@caesar.elte.hu> wrote:
> On Fri, 4 Jul 1997, Charlie Brady wrote:

> > 
> > On Wed, 2 Jul 1997, Gergely Madarasz wrote:
> > 
> > > 
> > > I have the same problem on Redhat linux w/ NIS (NYS in the libc
enabled
> > > in the default libc by redhat). The interesting thing is that if ssh
is
> > > not setuid root then there is no problem. And when it is, it mostly
doesnt
> > > work, but sometimes it does. I need it setuid root :(
> > > No such problem on debian with ypbind. 
> > > Anyone have an idea?
> > 


Well, I found the "reason" for this problem some time ago. Look in
ssh.c and you will se an aparently unncessesary invocation of getpwnam
in the code - see patch below. Calling the nis library repeatedly 
seems to be a problem on some platforms and I can't see any reason 
for this double call to getpwnam... but when I asked this mailinglist 
about it I got no replies, so I'm not making any guaranties. The patch 
is against ssh 1.2.20. Hope it is useful. The fact that suid root causes
the problem should be aparent after you take a gander at this:

=======================================================================

*** ssh.c       Tue May 13 09:59:31 1997
--- ssh.c.orig  Wed Apr 23 02:40:11 1997
***************
*** 387,397 ****
    /* Start reading files as the specified user.  However, if we are not
running
       suid root, all access can be done locally, and there is no need to
       initialize explicitly. */
-   pw = getpwuid(original_real_uid);
    if (original_real_uid != original_effective_uid)
      {
!      /* pw = getpwuid(original_real_uid); */
!       if (pw == 0)
        {
          fprintf(stderr, "You don't exist, go away!\n");
          exit(1);
--- 387,396 ----
    /* Start reading files as the specified user.  However, if we are not
running
       suid root, all access can be done locally, and there is no need to
       initialize explicitly. */
    if (original_real_uid != original_effective_uid)
      {
!       pw = getpwuid(original_real_uid);
!       if (!pw)
        {
          fprintf(stderr, "You don't exist, go away!\n");
          exit(1);
***************
*** 675,682 ****
      }
  
    /* Get user data. */
!   /* pw = getpwuid(original_real_uid); */
!   if (pw == 0)
      {
        fprintf(stderr, "You don't exist, go away!\n");
        exit(1);
--- 674,681 ----
      }
  
    /* Get user data. */
!   pw = getpwuid(original_real_uid);
!   if (!pw)
      {
        fprintf(stderr, "You don't exist, go away!\n");
        exit(1);

-- 

========================================================================

        MVH leifj

Leif Johansson                          Phone: +46 8 164541             
Department of Mathematics               Fax  : +46 8 6126717            
Stockholm University                    email: leifj@matematik.su.se    

    <This space is left blank for quotational and disclamatory purposes.>


*************************************************************************


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: ssh going nuts!
  - From: Juan Cespedes <cespedes@debian.org>

Prev by Date: Re: Nedit License
Next by Date: Re: ssh going nuts!
Previous by thread: Re: ssh going nuts!
Next by thread: DNS lookups (was: something completely different on -private)
Index(es):
- Date
- Thread