Subject: Re: EPIPE causes 'Authentication by public key failed' for examples with keyfile authentication at OpenSSH server

Re: EPIPE causes 'Authentication by public key failed' for examples with keyfile authentication at OpenSSH server

From: Nick Rudnick <nick.rudnick_at_googlemail.com>
Date: Tue, 24 Apr 2012 23:50:24 +0200

Hi Peter,

thanks a lot for the quick response, I was absent for some hours.

2012/4/24 Peter Stuge <peter_at_stuge.se>

>
> > First SSH keyfile authentication runs flawless when done in a terminal.
>
> Do you mean "the first time" or "I will list some things, the first
> is that" ?
>
The latter; I guessed this to be an important observation, expecting some
configuration issue.

>
> > The server is OpenSSH_5.8p1, built from source for better tracing of
> > the problem.
>
> Where is the EPIPE reported?
>
Here a 'manual call stack':
openssh-5.8p1,
- - - - - - - - - -
atomicio.c::atomicio6()::line 73:
This seems like an empty/closed pipe; atomicio is a "C higher order
function" given a read.
- - - - - - - - - -
monitor_wrap.c::mm_request_receive()::line 126:
- - - - - - - - - -
monitor.c::monitor_read()::line 478:
It happens when – with a terminal – OpenSSH request a message with
MONITOR_REQ_KEYALLOWED
again – as the first bytes of the code are identical,

\20\0\0\0\2\0\0\0\0\0\0\0\0\0\0\1\23\0\0\0\7ssh-rsa\0\0\0\3\1\0\1\0\0\1\1\0\0%\189\24p4q\19\163\248...
- - - - - - - - - -
monitor.c::monitor_child_preauth()::line 369:
This is the while loop (excuse me, please, not in monitor_read()...) The
preceding messages in the loop are:

MONITOR_REQ_SIGN
\4\0\0\0\0\0\0\0\20({\164\197gJ\252\(\198\163\4\232\164]\129\202\177Hr9]:
---- mo...

MONITOR_REQ_PWNAM
\6\0\0\0\1i\0\0\136\136M\170\245\127\0\00\30\6\1\0\0\0\00\30\6\1\0\0\0\0\0\0\0\0\0\0\0\0...

MONITOR_REQ_AUTHSERV
\3\0\0\0\14ssh-connection\0\0\0\0\00\30\6\1\0\0\0\0\1\0\0\0\0\144\179\5...

I meanwhile have come to a strong suspicion that OpenSSH might try to
re-request the same message, while ssh2.c uses a configuration which
prohibits this.

Please compile libssh2 with debugging enabled, and call
>
> libssh2_trace(session, ~0);

Good idea... one minute please...

>

in the example. Please send the rich debug messages to the mailing
> list. Thanks!
>
:-) I have to thank... Nick

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2012-04-24