LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   ssh login problem RedHat AS3 ("Did not receive identification string from") (https://www.linuxquestions.org/questions/linux-security-4/ssh-login-problem-redhat-as3-did-not-receive-identification-string-from-329845/)

spaniel 06-03-2005 03:37 AM

ssh login problem RedHat AS3 ("Did not receive identification string from")
 
Hi all,

I have a very strange problem. In my network i am configuring a communication server.

Situation:

I have three servers
Server 1: Solaris 8 server with SSH client: OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
Server 2: Solaris 8 server with SSH Client: OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6g 9 Aug 2002
Server 3: RedHat AS3 with ssh deamon: OpenSSH_3.6.1p2


The sshd has the following configuration file:
------------------------------------------------------------------------
# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
#ShowPatchLevel no

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
#Banner /etc/motd.ssh
------------------------------------------------------------------------

When i login to the server via ssh from server 1 to server 3 everything works fine:
But when i login from server 2 to server 3 i get nothing:
See output of ssh -vv below:

OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6g 9 Aug 2002
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to x.x.x.5 [x.x.x.5] port 22.

In the logging of /var/log/secure on the server (sshd with debugging on) i see the following:
Jun 2 16:04:33 Server3 sshd[10152]: Did not receive identification string from x.x.x.9
Jun 2 16:04:33 Server3 sshd[10152]: debug1: Calling cleanup 0x806f000(0x0)
Jun 2 16:04:33 Server3 sshd[10153]: Connection from x.x.x.9 port 56678

These message normally are shown when someone does a port scan or something else nasty to your server,
but since i am the only nasty guy connecting to server3 that should not be the problem :)

I have checked the source of sshd ( thats a place i don't normally come, but OK) and have found this":
374 if (client_version_string == NULL) {
375 /* Send our protocol version identification. */
376 if (atomicio(write, sock_out, server_version_string,
377 strlen(server_version_string))
378 != strlen(server_version_string)) {
379 log("Could not write ident string to %s", get_remote_ipaddr());
380 fatal_cleanup();
381 }
382
383 /* Read other sides version identification. */
384 memset(buf, 0, sizeof(buf));
385 for (i = 0; i < sizeof(buf) - 1; i++) {
386 if (atomicio(read, sock_in, &buf[i], 1) != 1) {
387 log("Did not receive identification string from %s",
388 get_remote_ipaddr());
389 fatal_cleanup();
390 }
391 if (buf[i] == '\r') {
392 buf[i] = 0;
393 /* Kludge for F-Secure Macintosh < 1.0.2 */
394 if (i == 12 &&
395 strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
396 break;
397 continue;
398 }
399 if (buf[i] == '\n') {
400 buf[i] = 0;
401 break;
402 }
403 }
404 buf[sizeof(buf) - 1] = 0;
405 client_version_string = xstrdup(buf);
406 }

It looks to me that the sshd exits in line 380. So i have isolated the problem (i Think)
I need server 2 to connect to server 3 and i dont have the luxury of just updating everything to the highest version.
Impact on other service is very big!!

The question now remains: HOW DO I SOLVE IT?

Anyone have some ideas?

unSpawn 07-03-2005 06:50 AM

If this still is a problem (else please post your solution):
I need server 2 to connect to server 3 and i dont have the luxury of just updating everything to the highest version.
Impact on other service is very big!!

If these boxen are in any way connected to the Internet, then you'll have to update both daemon and client to the latest stable version. There can be no mistake about that. I can not *imagine* what "big" impact this would have on other services, so please tell us. If there are no "real" objections the obvious way would be to update, else please post the log from 'sshd -d -d -d'. I'm certain it can output much more debugging than you showed now.


All times are GMT -5. The time now is 01:41 PM.