Question about SSH connection crash in Ubuntu 18.04 (OpenSSH_v7.6p1)

Asked by Michael Fong on 2020-11-10

Hi all,

We are experiencing an SSH connection drop problem with Ubuntu 18.04 / OpenSSH 7.6p1 using our own SSH client (not the OpenSSH client).

When the user mistakenly puts in an invalid user name and the client connects to the SSH server with public/private key authentication, the connection crashes with a core dump during key authentication.

If someone could share some insight or has experience with the same issue, it would be great! Any help is appreciated!

The same scenario is not reproducible with various Ubuntu versions; we have only seen this error on Ubuntu 18.04 / OpenSSH 7.6p1:

Ubuntu 16.04 with OpenSSH_7.2p2, OpenSSL 1.0.2g ---- PASSED
Ubuntu 18.04 with OpenSSH_7.6p1, OpenSSL 1.0.2n ---- FAILED
Ubuntu 20.04 with OpenSSH_8.2p1, OpenSSL 1.1.1f ---- PASSED

Thanks in advance!

This question was reopened

Michael Fong (mcfongtw) said : #1

Here is the gdb bt from the core dump, if anyone is familiar with the OpenSSH code:

(gdb) bt
#0 0x00007f90f5a8f09d in __GI___libc_sigaction (sig=sig@entry=11, act=act@entry=0x0, oact=0x7ffde73cf2c0, oact@entry=0x7ffde73cf410) at ../sysdeps/unix/sysv/linux/x86_64/sigaction.c:55
#1 0x00007f90f5a8f23d in __GI___sigaction (sig=sig@entry=11, act=act@entry=0x0, oact=oact@entry=0x7ffde73cf410) at ../nptl/sigaction.c:40
#2 0x0000557944fd6472 in mysignal (sig=sig@entry=11, act=act@entry=0x0) at ../../../openbsd-compat/bsd-misc.c:230
#3 0x0000557944f97ede in sshbuf_check_sanity (buf=0x7ffde73cf4f8) at ../../sshbuf.c:46
#4 sshbuf_free (buf=buf@entry=0x7ffde73cf4f8) at ../../sshbuf.c:160
#5 0x0000557944f86f11 in userauth_pubkey (ssh=0x557945a11b20) at ../../auth2-pubkey.c:168
#6 0x0000557944f7e275 in input_userauth_request (type=<optimized out>, seq=<optimized out>, ssh=<optimized out>) at ../../auth2.c:298
#7 0x0000557944fb9b3a in ssh_dispatch_run (ssh=ssh@entry=0x557945a11b20, mode=mode@entry=0, done=done@entry=0x557945a12a30) at ../../dispatch.c:113
#8 0x0000557944fb9be9 in ssh_dispatch_run_fatal (ssh=ssh@entry=0x557945a11b20, mode=mode@entry=0, done=done@entry=0x557945a12a30) at ../../dispatch.c:133
#9 0x0000557944f7d0b7 in do_authentication2 (authctxt=0x557945a12a30) at ../../auth2.c:179
#10 0x0000557944f711c7 in main (ac=<optimized out>, av=<optimized out>) at ../../sshd.c:2126

Launchpad Janitor (janitor) said : #2

This question was expired because it remained in the 'Open' state without activity for the last 15 days.