bin/51892: can't ssh after su to different local user

Joseph Kacmarcik joe at
Tue May 6 13:40:11 PDT 2003

>Number:         51892
>Category:       bin
>Synopsis:       can't ssh after su to different local user
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 06 13:40:08 PDT 2003
>Originator:     Joseph Kacmarcik
>Release:        FreeBSD 5.0-RELEASE-p3 i386
>Environment:
System: FreeBSD 5.0-RELEASE-p3 FreeBSD 5.0-RELEASE-p3 #0: Mon Feb 24 11:39:12 PST 2003 joe at i386
>Description:
When I log in via console or via ssh as user1, I can ssh out to other boxes (or localhost) without difficulty. If the remote host is not in my known_hosts, I'm prompted to add the key. When I log in as user2, I get the same effects; I can ssh out with no trouble. In this situation, user2 is a common user and will not be allowed direct login with the sshd_config parameter DenyUsers. user1 and other users will su to user2 or 'sudo su' to user2. Any time I do 'su - user2' or 'sudo su - user2' and I try to ssh to a remote box (or localhost), I get "Host key verification failed.". I've also tried just 'su user2' and 'sudo su user2' to avoid importing the environment.

I've tried home directories that are completely empty, thinking it may be the environment, changing shells, changing UIDs. I just dunno what's going on. I've looked at the output of ssh -vvv while user1 and after su to user2, and they are identical up to where I would get verification of an unknown host or password, but after su, I get the failure. I've run sshd in debug, su'ed to user2 and did ssh -vvv localhost. Looking at the debug output, it stops at "debug1: waiting for SSH2_MSG_NEWKEYS" and immediately following is "Connection closed by"
>How-To-Repeat:
Log in as any user, su to a different local user (including root), try to ssh anywhere (including localhost). I have completely reinstalled FreeBSD 5 on a new drive and I get the same results. I've also tried this on other FreeBSD 5 machines with the same result. I've never needed to have this functionality on FreeBSD 5, but it does work on FreeBSD 4 as well as other OSes.
>Fix:
If I log in directly as root or su to root, I can ssh anywhere (including localhost). I don't consider this a resolution or workaround.
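An added example, not part of this report: a small triage helper that separates the two situations behind a client-side "Host key verification failed", a key already on file that differs from the one offered (a mismatch that has to be investigated, never silently deleted) versus an unknown host whose acceptance prompt could not be shown. The /dev/tty and SSH_ASKPASS logic reflects how OpenSSH's confirmation prompt reaches the user; the sample known_hosts content, salt and host names are constructed placeholders.

```python
import base64
import fnmatch
import hashlib
import hmac
import os

def hashed_hostname(host, salt):
    """OpenSSH hashed known_hosts name: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())

def host_matches(pattern, host):
    """Match one known_hosts name field: comma-separated aliases, wildcards, or a hashed name."""
    host = host.lower()
    if pattern.startswith("|1|"):
        return hashed_hostname(host, base64.b64decode(pattern.split("|")[2])) == pattern
    return any(fnmatch.fnmatchcase(host, p.lower()) for p in pattern.split(","))

def lookup_host_keys(known_hosts_text, host):
    """Return [(keytype, base64 key)] for every known_hosts entry naming host."""
    found = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("@"):  # drop @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) >= 3 and not fields[0].startswith("#") and host_matches(fields[0], host):
            found.append((fields[1], fields[2]))
    return found

def dev_tty_openable():
    """OpenSSH asks for host-key confirmation via /dev/tty (or SSH_ASKPASS); probe that open."""
    try:
        os.close(os.open("/dev/tty", os.O_RDWR))
        return True
    except OSError:
        return False

def classify_failure(known_hosts_text, host, tty_ok, askpass_set=False):
    """Name the situation behind a "Host key verification failed" for host."""
    if lookup_host_keys(known_hosts_text, host):
        return "mismatch"     # a key is on file and differs from the offered one: investigate it
    if not (tty_ok or askpass_set):
        return "no-prompt"    # unknown host and no channel to ask the user: fails with no prompt shown
    return "would-prompt"     # unknown host, prompt reachable: ssh should offer to add the key

# Constructed sample known_hosts with placeholder key material (not from the report).
_SALT = b"0123456789abcdef0123"
SAMPLE_KNOWN_HOSTS = "\n".join([
    "localhost,127.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER_LOCALHOST_KEY",
    hashed_hostname("build.example.org", _SALT) + " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER_BUILD_KEY",
])
```

Running `classify_failure(SAMPLE_KNOWN_HOSTS, "localhost", dev_tty_openable())` from a shell after `su - user2` shows whether the prompt channel, not the key material, is what is missing in that session.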