Opened 5 weeks ago

Last modified 8 days ago

#63405 new defect

openssh @8.4p1_6 on El Capitan broken today - also keychain gives error message.

Reported by: snowflake (Dave Evans)
Owned by:
Priority: Normal
Milestone:
Component: ports
Version: 2.7.99
Keywords:
Cc: thetrial (alabay), sambthompson (Sam Thompson)
Port: openssh keychain openssl

Description (last modified by snowflake (Dave Evans))

After the upgrade of openssh and openssl today, the ssh command of openssh no longer works.

Here is the message trying to connect to my beta host

$ ssh beta
Killed: 9

/usr/bin/ssh works

I cannot find any diagnostic messages for this error. I have restarted the system in case there are any programs which have not loaded the new openssl libraries.

The MacPorts port keychain has also stopped working.

Here's the message

 * keychain 2.8.5 ~ http://www.funtoo.org
 * Starting ssh-agent...
 * Adding  1 ssh key(s): /Users/davidevans/.ssh/id_rsa
Enter passphrase for /Users/davidevans/.ssh/id_rsa: 
Bad passphrase, try again for /Users/davidevans/.ssh/id_rsa: 
 * Error: Problem adding; giving up

I can find a crash report for ssh-agent in Logs.

Also the ReportCrash process crashes when trying to create a crash report.

Application Specific Information:
Analyzing process: ssh-agent[1194], path: /opt/local/bin/ssh-agent; parent process: [1], path: /sbin/launchd

This is all happening on El Capitan 10.11.6. On Monterey it is all working.

openssl @1.1.1l_0; keychain @2.8.5_1; openssh @8.4p1_6+kerberos5+xauth

Attachments (1)

ssh-agent_2021-08-25-172843_two.crash (11.2 KB) - added by snowflake (Dave Evans) 5 weeks ago.
Diagnostic report for ssh-agent


Change History (10)

Changed 5 weeks ago by snowflake (Dave Evans)

Diagnostic report for ssh-agent

comment:1 Changed 5 weeks ago by snowflake (Dave Evans)

Description: modified (diff)
Summary: changed from "openssh @8.4p1_6 on Mountain Lion broken today - also keychain gives error message." to "openssh @8.4p1_6 on El Capitan broken today - also keychain gives error message."

comment:2 Changed 5 weeks ago by snowflake (Dave Evans)

I activated the previous version of openssl = 1.1.1k_0 and now ssh-agent does not crash when keychain adds a password.

Last edited 5 weeks ago by snowflake (Dave Evans)

comment:3 Changed 5 weeks ago by kencu (Ken)

Some fancy business happened with openssl 1.1.1l not building and then being fixed. openssh was revbumped to build against the new openssl 1.1.1l, but I'm not sure that happened correctly for you given the way things worked.

So if you have an interest, you could

  1. install the current 1.1.1l openssl
  2. rebuild from source openssh against that new openssl

and see if that works.

To rebuild openssh from source, you would uninstall the current version and rebuild it with the -s flag, something like this:

sudo port -f uninstall openssh
sudo port -v -s install openssh

NB. If your current working openssh is critical to you, just leave it until somebody else either fixes the issue, or confirms that this works.

comment:4 Changed 5 weeks ago by snowflake (Dave Evans)

Thank you.

I think I built from source the first time, but I followed your instructions and the error still persists -- ssh-agent crashes after entering the password in keychain.

comment:5 Changed 5 weeks ago by snowflake (Dave Evans)

I compiled openssh with debugging symbols. ssh without any arguments crashes.

Here's the lldb log:

Script started on Thu Aug 26 13:26:27 2021
command: lldb -X -f ssh
"crashlog" and "save_crashlog" command installed, use the "--help" option for detailed help
"malloc_info", "ptr_refs", "cstr_refs", "find_variable", and "objc_refs" commands have been installed, use the "--help" options on these commands for detailed help.
(lldb) target create "ssh"
Current executable set to 'ssh' (x86_64).
(lldb) run
Process 42888 launched: '/Users/davidevans/junk/hello/ssh' (x86_64)
Process 42888 stopped
* thread #1: tid = 0x2e178, 0x00007fff85e4083a libsystem_kernel.dylib`close + 10,
   queue = 'com.apple.main-thread', stop reason = EXC_GUARD 
         (code=4611686022722355203, subcode=0x7fff74599568)
    frame #0: 0x00007fff85e4083a libsystem_kernel.dylib`close + 10
libsystem_kernel.dylib`close:
->  0x7fff85e4083a <+10>: jae    0x7fff85e40844            ; <+20>
    0x7fff85e4083c <+12>: movq   %rax, %rdi
    0x7fff85e4083f <+15>: jmp    0x7fff85e3a7f2            ; cerror
    0x7fff85e40844 <+20>: retq   
(lldb) up 1
frame #1: 0x00000001000ad5b6 ssh`closefrom(lowfd=3) + 278 at bsd-closefrom.c:114
   111 			goto fallback;
   112 		for (i = 0; i < r / (int)PROC_PIDLISTFD_SIZE; i++) {
   113 			if (fdinfo_buf[i].proc_fd >= lowfd)
-> 114 				close(fdinfo_buf[i].proc_fd);
   115 		}
   116 		free(fdinfo_buf);
   117 		return;
(lldb) up 1
frame #2: 0x0000000100003b9f ssh`main(ac=1, av=0x00000001006043b0) + 415 at ssh.c:683
   680 		 * Discard other fds that are hanging around. These can cause problem
   681 		 * with backgrounded ssh processes started by ControlPersist.
   682 		 */
-> 683 		closefrom(STDERR_FILENO + 1);
   684 	
   685 		/* Get user data. */
   686 		pw = getpwuid(getuid());
(lldb) quit
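
Added example, not part of the ticket or of OpenSSH: the 64-bit `code` in the EXC_GUARD stop reason of the lldb log above encodes which kind of guard was violated, how, and on what, and this Python snippet decodes it. The bit layout and constant names are assumptions taken from XNU's exc_guard.h and sys/guarded.h; `decode_exc_guard` and `parse_lldb_stop` are names made up here.

```python
import re

# Bit layout of the 64-bit EXC_GUARD code (assumed from XNU's exc_guard.h):
# bits 63-61 = guard type, bits 60-32 = flavor, bits 31-0 = target.
GUARD_TYPES = {0: "NONE", 1: "MACH_PORT", 2: "FD", 3: "USER", 4: "VN", 5: "VIRT_MEMORY"}

# Flavor bits for file-descriptor guards (assumed from XNU's sys/guarded.h).
FD_FLAVORS = {
    1 << 0: "CLOSE", 1 << 1: "DUP", 1 << 2: "NOCLOEXEC", 1 << 3: "SOCKET_IPC",
    1 << 4: "FILEPORT", 1 << 5: "MISMATCH", 1 << 6: "WRITE",
}

STOP_RE = re.compile(
    r"stop reason = EXC_GUARD\s*"
    r"\(code=(0x[0-9a-fA-F]+|\d+),\s*subcode=(0x[0-9a-fA-F]+|\d+)\)")

def decode_exc_guard(code, subcode):
    """Split an EXC_GUARD code/subcode pair into its fields."""
    guard_type = (code >> 61) & 0x7
    flavor = (code >> 32) & 0x1FFFFFFF
    info = {
        "type": GUARD_TYPES.get(guard_type, f"unknown({guard_type})"),
        "target": code & 0xFFFFFFFF,   # for FD guards: the descriptor number
        "guard_value": subcode,        # assumed: the guard id the fd was created with
    }
    if guard_type == 2:
        info["violations"] = [n for bit, n in FD_FLAVORS.items() if flavor & bit]
    return info

def parse_lldb_stop(text):
    """Find an EXC_GUARD stop reason in lldb output and decode it."""
    m = STOP_RE.search(text)
    if m is None:
        return None
    code, subcode = (int(g, 0) for g in m.groups())
    return decode_exc_guard(code, subcode)

# Stop-reason lines copied from the lldb log in comment 5.
LLDB_LOG = """\
* thread #1: tid = 0x2e178, 0x00007fff85e4083a libsystem_kernel.dylib`close + 10,
   queue = 'com.apple.main-thread', stop reason = EXC_GUARD
         (code=4611686022722355203, subcode=0x7fff74599568)
"""

if __name__ == "__main__":
    print(parse_lldb_stop(LLDB_LOG))
```

The decoded target, fd 3, is at or above the `lowfd=3` passed to `closefrom()` in frame #1 of the same log.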



comment:6 in reply to:  5 Changed 5 weeks ago by snowflake (Dave Evans)

Replying to snowflake:

>    680 		 * Discard other fds that are hanging around. These can cause problem
>    681 		 * with backgrounded ssh processes started by ControlPersist.
>    682 		 */
> -> 683 		closefrom(STDERR_FILENO + 1);
>    684 	
>    685 		/* Get user data. */
>    686 		pw = getpwuid(getuid());

I commented out line 683 in ssh.c, as shown above, and it now connects to my hosts. This is NOT a fix! I do not know why closefrom() is not working.

Or even why the unmodified ssh works if openssl 1.1.1k is installed.

Last edited 5 weeks ago by snowflake (Dave Evans)

comment:7 Changed 4 weeks ago by thetrial (alabay)

Cc: thetrial added

comment:8 Changed 2 weeks ago by sambthompson (Sam Thompson)

Cc: sambthompson added

comment:9 Changed 8 days ago by thetrial (alabay)

I'm afraid there may also be a dependency on #63417.
