| Summary: | lpk on forums db servers causes logins to fail. | | |
|---|---|---|---|
| Product: | Gentoo Infrastructure | Reporter: | Alec Warner <antarus> |
| Component: | Other | Assignee: | Gentoo Infrastructure <infra-bugs> |
| Status: | RESOLVED OBSOLETE | | |
| Severity: | normal | CC: | forum-mods |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Alec Warner (RETIRED)
2012-02-09 11:32:47 UTC
There's no proper fix for it yet, so restarting SSHD for now is necessary.

It's a bug in the LPK patch of OpenSSH, we have some patches but none of them help and the real root cause is not yet found.
This is actually not an infra bug but more an upstream/openssh maintainer bug.

(In reply to comment #1)
> There's no proper fix for it yet, so restarting SSHD for now is necessary.
>
> It's a bug in the LPK patch of OpenSSH, we have some patches but none of them
> help and the real root cause is not yet found.
> This is actually not an infra bug but more an upstream/openssh maintainer bug.

So this bug is to track the 'issue' that sometimes forums people can't log in to their servers. It also records the fix (restarting sshd.) Ideally we would do some debugging and then open a second bug with more patches. I just want some kind of note down that we know about the issue, and the workaround so it isn't crazy infra lore.

-A

I spent some time on this tonight. Basically the client connects, immediately issues a STARTTLS op, the server sends a response, the client responds, and then the TLS negotiation fails. The ldap server claims to support stuff like 'packet tracing' or 'DEBUG_LDAP_ANY' which prints all kinds of 'interesting' messages about TLS to syslog, but I can't seem to get those to work. I rebuilt ldap on meadowlark with USE="debug syslog", FYI.

-A

afaict, we haven't had issues with this in a while. Closing this for now.