LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 04-15-2019, 04:25 PM   #1
Ook
Member
 
Registered: Apr 2004
Location: Hell, Arizona (July - 118 degrees)
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 596

Rep: Reputation: 116Reputation: 116
Latest patch level for Slackware 14.2 causes rsa auth failure from PHP


I know this sounds weird, bear with me. I have duplicated this on three different machines.

Slackware 14.2 64 bit.

Using key pair auth in PHP to access a remote box - one on my local network, one is an AWS instance. Two lines of code do the auth like this:

$connection = ssh2_connect('<ip address>', 22, array('hostkey' => 'ssh-rsa'));
$result = ssh2_auth_pubkey_file($connection, '<user name>', '<pub keyfile>', 'private keyfile>');

With Slackware 14.2 and 4.4.157 kernel as well as previous versions, Slackware 14.1 and even Slackware current and, this works fine. I've done this for many years, I kinda sorta know what I'm doing, and it's always worked.

On three separate boxes running Slackware 14.2, I did an update with slackpkg. It updated the kernel to 4.4.172. I don't know what else it updated, but once I did the update, I now get an error:

Warning: ssh2_auth_pubkey_file(): Authentication failed for <user> using public key: Unable to send userauth-publickey request.

I've tested this on 7 different boxes, all with identical version of PHP and the php ssh2 lib, all with identical user account, all with identical file perms. On the three boxes with current patch levels of Slackware 14.2, it fails. On the other boxes with are either running 14.1, slackware current or in one case an older version of 14.2 with the 4.4.157 kernel, it works great.

The PHP version and the php ssh2 library remains unchanged, I do not believe this to be a PHP problem since nothing there changed (though can't guarantee some weird interaction). I don't use the PHP version that comes with slackware, I use my own version with my own customizations, so slackpkg upgrade-all does not effect it.

I'm going to roll back the kernel and see what happens. If that doesn't yield anything, I may bump the boxes up to slackware-current, since this still works with that version.

Anyone ever see anything like this?
 
Old 04-15-2019, 04:44 PM   #2
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1.2 on Lenovo Thinkpad W520
Posts: 8,831

Rep: Reputation: Disabled
It is unclear to me how the kernel could be a culprit. Also it has been last updated on Wed Jan 30 23:29:59 UTC 2019 and you mention in the thread's title "the latest patch level" and there have been many changes since then, among which libssh2 and gnutls. Did you try to rollback one of these?
 
1 members found this post helpful.
Old 04-15-2019, 04:57 PM   #3
Ook
Member
 
Registered: Apr 2004
Location: Hell, Arizona (July - 118 degrees)
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 596

Original Poster
Rep: Reputation: 116Reputation: 116
My usage of the phrase "latest patch level" may have been poor choice of words....I don't know what it is actually called or if there is such a thing...

Specifically, in Friday 4/12/2019 I did slackpkg update and slackpkg upgrade-all, and just accepted whatever it wanted to install. As of this morning there were no new updates that slackpkg found.

How would you roll back, say, gnutls or libssh2? I'm not quite sure how to get the "previous" version. I know how to install different kernel versions, I've done that many times. For me, that was the easiest thing to try.

I have seen botched kernel updates do weird things and cause weird problems, but that is very rare. OK, I've actually seen that firsthand twice in the last several years. Neither was the fault of Slackware. One was a buggy realtek driver, the other was a buggy usb driver. Both were fixed in newer kernels.
 
Old 04-15-2019, 06:07 PM   #4
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1.2 on Lenovo Thinkpad W520
Posts: 8,831

Rep: Reputation: Disabled
Quote:
Originally Posted by Ook View Post
How would you roll back, say, gnutls or libssh2? I'm not quite sure how to get the "previous" version.
Have a look at the ChangeLog for thta, for instance https://mirrors.slackware.com/slackw.../ChangeLog.txt

For libssh2 you are lucky, as the previous package is the one shipped initially.

For gnutls, you'd need to find some mirror that archive the "old" packages in /patches.

Quote:
I know how to install different kernel versions, I've done that many times. For me, that was the easiest thing to try.
which does not necessarily makes of the kernel the best culprit
 
1 members found this post helpful.
Old 04-15-2019, 06:39 PM   #5
Ook
Member
 
Registered: Apr 2004
Location: Hell, Arizona (July - 118 degrees)
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 596

Original Poster
Rep: Reputation: 116Reputation: 116
Quote:
Originally Posted by Didier Spaier View Post
Have a look at the ChangeLog for thta, for instance https://mirrors.slackware.com/slackw.../ChangeLog.txt

For libssh2 you are lucky, as the previous package is the one shipped initially.

For gnutls, you'd need to find some mirror that archive the "old" packages in /patches.

which does not necessarily makes of the kernel the best culprit
Agreed, I was just going for the lower hanging fruit first
 
Old 04-15-2019, 06:40 PM   #6
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 5,947

Rep: Reputation: 3644Reputation: 3644Reputation: 3644Reputation: 3644Reputation: 3644Reputation: 3644Reputation: 3644Reputation: 3644Reputation: 3644Reputation: 3644Reputation: 3644
Looks like this issue happened in Debian as well and was tied to libssh.

https://bugs.debian.org/cgi-bin/bugr...?bug=924965#30

(At least it seems like the same error.)
 
1 members found this post helpful.
Old 04-16-2019, 09:38 AM   #7
Ook
Member
 
Registered: Apr 2004
Location: Hell, Arizona (July - 118 degrees)
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 596

Original Poster
Rep: Reputation: 116Reputation: 116
That appears to be the same problem. I'm going to update libssh2 on the offending box and see if it fixes the problem.
 
Old 04-16-2019, 10:14 AM   #8
Ook
Member
 
Registered: Apr 2004
Location: Hell, Arizona (July - 118 degrees)
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 596

Original Poster
Rep: Reputation: 116Reputation: 116
I downloaded the current source for libssh2, compiled, copied libssh2.so.1.0.1 into /usr/lib64, and now it works. TYVM to those that pointed me to libssh2, it would not have been the first place I looked. This bit me and bit me hard. I had to switch a lot of code to using password auth, on the fly (I just love pushing sparsely tested code into production :0) , otherwise the proverbial fan would have really been hit.

And so this story comes to a happy ending, at least for now :-)
 
Old 04-16-2019, 01:19 PM   #9
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 1,695

Rep: Reputation: 5235Reputation: 5235Reputation: 5235Reputation: 5235Reputation: 5235Reputation: 5235Reputation: 5235Reputation: 5235Reputation: 5235Reputation: 5235Reputation: 5235
Quote:
Originally Posted by Ook View Post
I downloaded the current source for libssh2, compiled, copied libssh2.so.1.0.1 into /usr/lib64, and now it works. TYVM to those that pointed me to libssh2, it would not have been the first place I looked. This bit me and bit me hard. I had to switch a lot of code to using password auth, on the fly (I just love pushing sparsely tested code into production :0) , otherwise the proverbial fan would have really been hit.

And so this story comes to a happy ending, at least for now :-)
So upgrading libssh2 in Slackware 14.2 to version 1.8.2 should take care of the regression?
 
Old 04-16-2019, 03:19 PM   #10
Ook
Member
 
Registered: Apr 2004
Location: Hell, Arizona (July - 118 degrees)
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 596

Original Poster
Rep: Reputation: 116Reputation: 116
Quote:
Originally Posted by volkerdi View Post
So upgrading libssh2 in Slackware 14.2 to version 1.8.2 should take care of the regression?
I did not test it thoroughly, so I suppose there is always a slight chance of something else breaking. I am, however, currently running it on two Slackware 14.2 boxes and it is working perfectly. I have tasks fired by cron every 5-15 minutes that use this to auth to different boxes, some internal to my network, some on AWS instances, and they are all running 100%.
 
Old 04-16-2019, 03:23 PM   #11
Ook
Member
 
Registered: Apr 2004
Location: Hell, Arizona (July - 118 degrees)
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 596

Original Poster
Rep: Reputation: 116Reputation: 116
I downloaded the source code for libssh2-1.8.2.tar.gz from their website, https://libssh2.org/, and compiled it directly on the 14.2 boxes. So yes, 1.8.2 did fix this problem. I think they were running 1.8.1 prior to this.

I found this in the log files:

./removed_packages/libssh2-1.7.0-x86_64-1-upgraded-2019-04-12,07:27:46
./packages/libssh2-1.8.1-x86_64-1_slack14.2

This was from a couple of days ago when I did slackpkg update, slackpkg upgrade-all.

Last edited by Ook; 04-16-2019 at 03:25 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
RSA SecurID: RSA Web Agent, integration of RSA auth page Linux_Kidd General 1 08-28-2013 05:59 PM
Latest Patch Level Steve_Aug Red Hat 1 05-31-2011 04:57 AM
How to patch my redhat Enterprise Linux 5.1 to the latest patch level? shaybery Red Hat 4 10-05-2008 02:04 AM
emacs in run level 3 then switch to X (level 7) then back to level 3 dsoliver Slackware 3 09-01-2006 03:31 AM
SSH: Can I force RSA auth for all but one account? LeoNot Linux - Security 1 07-10-2005 11:55 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:49 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration