Package: ssh Version: 1:4.2p1-5 Severity: normal *** Please type your report below this line ***
This may be another incidence of #328568, #328606. I can ssh to localhost fine. I can ssh to a remote debian host fine. But when I ssh to an external host running sun's openssh I get a segv: - the client reads the prompt from the remote ssh server, - does a getpid() call, - sends its version string to the server, - reads something back from the server - calls time() and then calls getpid() a couple of times - then it tries to send something to the server that looks to be a request for the server key fingerprint, and segvs there. The next steps would be checking the various local known_hosts files. I can supply straces if you need them but I'm not up to rebuilding packages with -g turned on. This has been going on intermittently for the last couple of months; now it is quite reproducible on two separate hosts running the same OS and server software. The string the afflicted server sends back is 'SSH-1.99_SSH 1.0.1', which is somewhat shorter than what debian sshd servers send. I've marked this 'normal' since the affected population seems small, but it seems Not Good to have the client segv on quite innocent input from a real ssh server. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: sparc (sparc64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-sparc64 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages ssh depends on: ii openssh-client 1:4.2p1-5 Secure shell client, an rlogin/rsh ii openssh-server 1:4.2p1-5 Secure shell server, an rshd repla ssh recommends no packages. -- debconf information: ssh/insecure_rshd: ssh/ssh2_keys_merged: ssh/user_environment_tell: * ssh/forward_warning: ssh/insecure_telnetd: ssh/new_config: true * ssh/use_old_init_script: true * ssh/protocol2_only: true ssh/encrypted_host_key_but_no_keygen: * ssh/run_sshd: true * ssh/SUID_client: true * ssh/disable_cr_auth: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
