Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
How to instruct SSHD to use its absolute path when forking?
1,481 views
Skip to first unread message
nolo...@gmail.com
Aug 23, 2015, 1:56:07 PM8/23/15
to
I'm having troubles with an updated OpenSSH server installed in `--prefix=/usr/local`. SSHD's path is `/usr/local/sbin/sshd`. When the server receives a connection, the connection fails.
The client displays the following when run with `-d`: "ssh_exchange_identification: Connection closed by remote host".
The server displays the following when run with `-d`: "sshd re-exec requires execution with an absolute path".
There were no configuration operations related to forking behavior. `./configure --help | egrep "(fork|re-exec)` returns nothing. Grepping the source code for interesting defines related to forking returned extraneous results. For example, `egrep -IR -i "(exec|fork)" * | grep define` returns about 10 hits, but none of them look like they control the behavior.
How do I tell SSHD to use its absolute path when forking?
The client displays the following when run with `-d`: "ssh_exchange_identification: Connection closed by remote host".
The server displays the following when run with `-d`: "sshd re-exec requires execution with an absolute path".
There were no configuration operations related to forking behavior. `./configure --help | egrep "(fork|re-exec)` returns nothing. Grepping the source code for interesting defines related to forking returned extraneous results. For example, `egrep -IR -i "(exec|fork)" * | grep define` returns about 10 hits, but none of them look like they control the behavior.
How do I tell SSHD to use its absolute path when forking?
nolo...@gmail.com
Aug 23, 2015, 3:57:15 PM8/23/15
to
On Sunday, August 23, 2015 at 1:56:07 PM UTC-4, nolo...@gmail.com wrote:
> I'm having troubles with an updated OpenSSH server installed in `--prefix=/usr/local`. SSHD's path is `/usr/local/sbin/sshd`. When the server receives a connection, the connection fails.
>
> The client displays the following when run with `-d`: "ssh_exchange_identification: Connection closed by remote host".
>
> The server displays the following when run with `-d`: "sshd re-exec requires execution with an absolute path".
>
It appears the error message "sshd re-exec requires execution with an absolute path" is caused by the following in `sshd.c`. It is present near line 1625:
> I'm having troubles with an updated OpenSSH server installed in `--prefix=/usr/local`. SSHD's path is `/usr/local/sbin/sshd`. When the server receives a connection, the connection fails.
>
> The client displays the following when run with `-d`: "ssh_exchange_identification: Connection closed by remote host".
>
> The server displays the following when run with `-d`: "sshd re-exec requires execution with an absolute path".
>
if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
fatal("sshd re-exec requires execution with an absolute path");
Changing the code to print av[0] shows there is no executable or path:
if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
fatal("sshd re-exec requires execution with an absolute path (re-exec with \"%s\")", (av[0] ? av[0] : "<NULL>"));
The new message (because of the changes above) includes "(re-exec with "-i -d")"
This is OS X 10-5 on a old PowerMac, and the service is being started by Launchd and a plist file. Unfortunately, changing the plist to explicitly provide the absolute path in argv[0] (the full cat is shown below):
<key>ProgramArguments</key>
<array>
<string>/usr/local/sbin/sshd -i -d</string>
</array>
Results in the following. Notice sshd.c still stripped the absolute path I entered at argv[0]:
$ sudo grep 'sshd' /var/log/* 2>/dev/null
/var/log/system.log:Aug 23 15:51:22 riemann.local sshd -i -d[1243]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
/var/log/system.log:Aug 23 15:51:22 riemann.local sshd -i -d[1243]: error: Bind to port 22 on :: failed: Address already in use.
/var/log/system.log:Aug 23 15:51:22 riemann.local sshd -i -d[1243]: fatal: Cannot bind any address.
> How do I tell SSHD to use its absolute path when forking?
Help would be appreciated.
-----
$ cat ssh-7.1.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>com.openssh.sshd-v7.1</string>
<key>Program</key>
<string>/usr/local/sbin/sshd</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/sbin/sshd -i -d</string>
</array>
<key>Sockets</key>
<dict>
<key>Listeners</key>
<dict>
<key>SockServiceName</key>
<string>1522</string>
</dict>
</dict>
<key>inetdCompatibility</key>
<dict>
<key>Wait</key>
<false/>
</dict>
<key>StandardErrorPath</key>
<string>/var/log/sshd.log</string>
<key>SHAuthorizationRight</key>
<string>system.preferences</string>
</dict>
</plist>
Simon Tatham
Aug 23, 2015, 5:34:06 PM8/23/15
to
<nolo...@gmail.com> wrote:
> This is OS X 10-5 on a old PowerMac, and the service is being started by
> Launchd and a plist file. Unfortunately, changing the plist to
> explicitly provide the absolute path in argv[0] (the full cat is shown
> below):
>
> <key>ProgramArguments</key>
> <array>
> <string>/usr/local/sbin/sshd -i -d</string>
> </array>
I don't know the plist semantics for sure, but if I've made sense of
> This is OS X 10-5 on a old PowerMac, and the service is being started by
> Launchd and a plist file. Unfortunately, changing the plist to
> explicitly provide the absolute path in argv[0] (the full cat is shown
> below):
>
> <key>ProgramArguments</key>
> <array>
> <string>/usr/local/sbin/sshd -i -d</string>
> </array>
the format, surely that would set the following argument list:
argc = 1
argv[0] = "/usr/local/sbin/sshd -i -d"
whereas what you wanted was
argc = 3
argv[0] = "/usr/local/sbin/sshd"
argv[1] = "-i"
argv[2] = "-d"
so that argv[0] is _just_ the absolute path.
What would happen if you did this instead?
<array>
<string>/usr/local/sbin/sshd</string>
<string>-i</string>
<string>-d</string>
</array>
--
for k in [pow(x,37,0x1a1298d262b49c895d47f) for x in [0x50deb914257022de7fff,
0x213558f2215127d5a2d1, 0x90c99e86d08b91218630, 0x109f3d0cfbf640c0beee7,
0xc83e01379a5fbec5fdd1, 0x19d3d70a8d567e388600e, 0x534e2f6e8a4a33155123]]:
print "".join([chr(32+3*((k>>x)&1))for x in range(79)]) # <ana...@pobox.com>
nolo...@gmail.com
Aug 23, 2015, 6:41:26 PM8/23/15
to
On Sunday, August 23, 2015 at 5:34:06 PM UTC-4, Simon Tatham wrote:
> <nolo...@gmail.com> wrote:
> > This is OS X 10-5 on a old PowerMac, and the service is being started by
> > Launchd and a plist file. Unfortunately, changing the plist to
> > explicitly provide the absolute path in argv[0] (the full cat is shown
> > below):
> >
> > <key>ProgramArguments</key>
> > <array>
> > <string>/usr/local/sbin/sshd -i -d</string>
> > </array>
>
> I don't know the plist semantics for sure, but if I've made sense of
> the format, surely that would set the following argument list:
>
> argc = 1
> argv[0] = "/usr/local/sbin/sshd -i -d"
>
> whereas what you wanted was
>
> argc = 3
> argv[0] = "/usr/local/sbin/sshd"
> argv[1] = "-i"
> argv[2] = "-d"
>
Yep, that was it. Thanks.
> <nolo...@gmail.com> wrote:
> > This is OS X 10-5 on a old PowerMac, and the service is being started by
> > Launchd and a plist file. Unfortunately, changing the plist to
> > explicitly provide the absolute path in argv[0] (the full cat is shown
> > below):
> >
> > <key>ProgramArguments</key>
> > <array>
> > <string>/usr/local/sbin/sshd -i -d</string>
> > </array>
>
> I don't know the plist semantics for sure, but if I've made sense of
> the format, surely that would set the following argument list:
>
> argc = 1
> argv[0] = "/usr/local/sbin/sshd -i -d"
>
> whereas what you wanted was
>
> argc = 3
> argv[0] = "/usr/local/sbin/sshd"
> argv[1] = "-i"
> argv[2] = "-d"
>
0 new messages