User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101
Firefox/55.0
Build Identifier:
When trying to use GSSAPIKeyExchange, the SSH Server just closes the
connection. The same function works fine on our Ubuntu and Debian SSH Servers.
On the client side, I get this output:
debug1: Doing group exchange
debug2: bits set: 1559/3072
debug1: Calling gss_init_sec_context
Connection closed by 2001:638:902:2010:5054:ff:fe08:c12
zsh: exit 255 ssh -vvvvv -p 2222 infraextra
On the server, I tried to run sshd with debug output, and it ends like this:
debug3: mm_request_send entering: type 45
debug2: bits set: 4126/8192 [preauth]
xmalloc: zero size [preauth]
debug1: do_cleanup [preauth]
debug3: PAM: sshpam_thread_cleanup entering [preauth]
debug3: mm_request_send entering: type 124 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 124
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 5137
I believe the xmalloc: zero size is related to the problem here. If I disable
privsep, the issue becomes instead:
xmalloc: out of memory (allocating 3617008690259980144 bytes)
Reproducible: Always
Steps to Reproduce:
1. Enable GSSAPIKeyExchange in /etc/ssh/sshd_config
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIKeyExchange yes
2. restart sshd
3. Try to connect from other computer
Actual Results:
SSH connection closed unexpectedly
Expected Results:
Login succeeds
The KDC is running on Debian stable, version 1.12.1+dfsg-19+deb8u2 of MIT
Kerberos. The SSH Clients and other SSH Servers are 6.7p1-5+deb8u3 and
7.2p2-4ubuntu2.1
Using the openSUSE ssh client to connect to itself does *not* crash, but does
not verify the host using GSSAPI either -- I get the typical
The authenticity of host '...' can't be established.
ECDSA key fingerprint is SHA256:ox...
Are you sure you want to continue connecting
prompt