Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 161384

Summary: net-misc/openssh-4.5_p1 - GSSAPIDelegateCredentials yes in ssh_config breaks scp and ssh host command
Product: Gentoo Linux Reporter: Spooky Ghost <spookyghost>
Component: Current packagesAssignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED WORKSFORME    
Severity: normal CC: lcars
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: sshd_config
ssh_config

Description Spooky Ghost 2007-01-10 19:57:12 UTC 
I have two machines 1 amd64, the other x86.  Upgraded to net-misc/openssh-4.5_p1 recently and now discovered that the option GSSAPIDelegateCredentials yes in ssh_config breaks things.  Specifically I can no longer use scp or ssh host command.  As soon as this one line is commented out in the config and without restarting sshd normal behaviour is resumed.  Kerberos implementation in use is heimdal.

Reproducible: Always

Steps to Reproduce:
1. Install OpenSSH + heimdal
2. scp root@host:file .
3.

Actual Results:  
copy/command execution fails -  scp -v root@spook:/etc/passwd /tmp/t
Executing: program /usr/bin/ssh host spook, user root, command scp -v -f /etc/passwd
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to spook [192.168.1.139] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'spook' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Delegating credentials
debug1: Delegating credentials
debug1: Authentication succeeded (gssapi-with-mic).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: scp -v -f /etc/passwd
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status -1


Expected Results:  
file copies / command executes

# emerge --info
Portage 2.1.1-r2 (default-linux/amd64/2006.1/no-multilib, gcc-4.1.1, glibc-2.4-r4, 2.6.18-gentoo-r2 x86_64)
=================================================================
System uname: 2.6.18-gentoo-r2 x86_64 AMD Opteron(tm) Processor 242
Gentoo Base System version 1.12.6
Last Sync: Wed, 10 Jan 2007 16:50:01 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r2, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=opteron -O3 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-march=opteron -O3 -pipe"
DISTDIR="/export/distfiles"
FEATURES="autoconfig ccache distlocks metadata-transfer noautoaccts parallel-fetch sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.blueyonder.co.uk http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--progress --stats"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="amd64 X Xaw3d aac aalib acl acpi aim alsa alsa_cards_ali5451 alsa_cards_als4000 alsa_cards_atiixp alsa_cards_atiixp-modem alsa_cards_bt87x alsa_cards_ca0106 alsa_cards_cmipci alsa_cards_emu10k1x alsa_cards_ens1370 alsa_cards_ens1371 alsa_cards_es1938 alsa_cards_es1968 alsa_cards_fm801 alsa_cards_hda-intel alsa_cards_intel8x0 alsa_cards_intel8x0m alsa_cards_maestro3 alsa_cards_trident alsa_cards_usb-audio alsa_cards_via82xx alsa_cards_via82xx-modem alsa_cards_ymfpci alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol apache2 arts audiofile avi bash-completion berkdb bitmap-fonts bluetooth bonobo bzip2 caps cdb cdr cli cpdflib cracklib crypt cups curl dba dbm dbus dga directfb divx4linux dlloader doc dri dts dvb dvd dvdr elibc_glibc encode esd exif expat fam fbcon fftw flac flash foomaticdb fortran ftp gd gdbm gif gnome gphoto2 gpm gtk gtk2 gtkhtml hal iconv icq imagemagick imap imlib innodb input_devices_joystick input_devices_keyboard input_devices_mouse input_devices_vmmouse ipv6 irmc isdnlog jabber java jbig joystick jpeg jpeg2k kde kerberos kernel_linux lcms ldap libedit libg++ libwww lirc lirc_devices_hauppauge lm_sensors mad maildir mailwrapper mhash mime ming mng mp3 mpeg msn mysql ncurses nls nptl nptlonly offensive ogg openal opengl oscar pam pcre pdf pdflib perl php png postgres ppds pppd python qt3 quicktime readline reflection samba sasl sdl seamonkey session slp snmp spell spl ssl svg tcl tcltk tcpd tetex theora tiff tk truetype truetype-fonts type1-fonts udev unicode usb userland_GNU v4l v4l2 video_cards_fbdev video_cards_mga video_cards_nv video_cards_nvidia video_cards_r128 video_cards_radeon video_cards_vesa video_cards_vga video_cards_vmware videos vorbis wmf xine xinerama xml xml2 xorg xpm xsl xv xvid yahoo zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS
Comment 1 Spooky Ghost 2007-01-10 19:59:43 UTC 
Created attachment 106404 [details]
sshd_config
Comment 2 Spooky Ghost 2007-01-10 20:00:01 UTC 
Created attachment 106406 [details]
ssh_config
Comment 3 SpanKY gentoo-dev 2007-09-29 07:25:22 UTC 
re-open if 4.7_p1 doesnt work