5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root'

Andrew Konstantinov andrei at kableu.com
Mon Jan 31 17:20:58 PST 2005 

On Mon, Jan 31, 2005 at 02:49:09PM -0800, Doug White wrote:
> Be aware that it was a weekend in the US yesterday so the people likely to
> answer your question were probably out having fun, which is why you didn't
> get an answer in 24 hours. Paitience, grasshopper. :)
> 
> On Sun, 30 Jan 2005, Andrew Konstantinov wrote:
> 
> > Hello,
> >
> > As the topic says, I've experienced some unusual sshd behavior after I moved
> > some of my systems from RELENG_5_3 to RELENG_5 recently. The unusuality of the
> > behavior is illustrated by the following exerpt from the /var/log/auth.log on
> > the RELENG_5 system:
> >
> > Jan 29 14:53:38 mail sshd[699]: login_getclass: unknown class 'root'
> 
> I can't reproduce this on my systems, many of which started at 5.3 and now
> build 5-stable.  Are you using the system ssh or one you built from ports?
> 
> What is the output of 'ls -l /etc/login.conf*'?

mail# uname -rs
FreeBSD 5.3-STABLE
mail# date
Mon Jan 31 16:53:00 PST 2005
mail# ls -l /etc/login.conf*
-rw-r--r--  1 root  wheel   6522 Jan 29 14:09 /etc/login.conf
-rw-r--r--  1 root  wheel  65536 Jan 29 14:09 /etc/login.conf.db
mail# grep -A 3 -E '^root' /etc/login.conf
root:\
	:ignorenologin:\
	:tc=default:

mail# tail -4 /var/log/auth.log
Jan 31 16:52:59 mail sshd[14262]: login_getclass: unknown class 'root'
Jan 31 16:52:59 mail last message repeated 3 times
Jan 31 16:52:59 mail sshd[14262]: Accepted publickey for root from 192.168.0.1 port 59976 ssh2
Jan 31 16:52:59 mail sshd[14261]: Accepted publickey for root from 192.168.0.1 port 59976 ssh2
mail#

I'm using the system supplied ssh client and server. All of this is really
confusing to me. Three of my systems were initially running 5.2.1, then were
upgraded to 5.3 release and then followed the vector of p1, p2, p3, p4, and p5
updates. But, a few days ago I moved all of them to RELENG_5 and this weirdness
came up. The most interesting part is that when I downgrade back to RELENG_5_3,
all of this disappears.

Here is what happens to sshd in debug mode:

mail# sshd -ddd
debug2: read_server_config: filename /etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.8.1p1 FreeBSD-20040419
[...]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug1: ssh_dss_verify: signature correct
debug3: mm_answer_keyverify: key 0x80789b0 signature verified
debug3: mm_request_send entering: type 23
Accepted publickey for root from 192.168.0.1 port 63791 ssh2
debug1: monitor_child_preauth: root has been authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 24
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 1 pkalg ssh-dss
Accepted publickey for root from 192.168.0.1 port 63791 ssh2
debug3: mm_send_keystate: Sending new keys: 0x8079500 0x80794c0
debug3: mm_newkeys_to_blob: converting 0x8079500
debug3: mm_newkeys_to_blob: converting 0x80794c0
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 24
debug3: mm_send_keystate: Finished sending state
[...]

Here is my make.conf on this particular system:

mail# grep -v '^#' /etc/make.conf
CFLAGS=         -O -pipe
COPTFLAGS=      -O -pipe
CPUTYPE=        p2
KERNCONF=       CUSTOM
MAKE_IDEA=      YES
NOATM=          true
NOGAMES=        true
NO_BLUETOOTH=   true
NO_FORTRAN=     true
NO_I4B=         true
NO_PF=          true
NO_AUTHPF=      true
NO_IPFILTER=    true
NO_KERBEROS=    true
NO_LPR=         true
NO_NIS=         true
NO_SENDMAIL=    true
PPP_NOSUID=     true
PRINTERDEVICE=  ascii
WITH_OPTIMIZED_CFLAGS=  true
X_WINDOW_SYSTEM=xorg
PERL_VER=5.8.5
PERL_VERSION=5.8.5
PERL_ARCH=mach
NOPERL=yo
NO_PERL=yo
NO_PERL_WRAPPER=yo
mail#

In case if it matters, root accounts on those servers do not use passwords for
authentication. The authentication is done solely by public/private ssh keys.

mail# grep root /etc/master.passwd | head -1
root:*:0:0::0:0:Andrew Konstantinov:/root:/bin/csh
mail# mount | head -1
/dev/ad0s1a on / (ufs, local, read-only)
mail# sysctl kern.securelevel
kern.securelevel: 2
mail#

I suppose the kernel config file should not be necessary. :) Any ideas at all?

Thanks in advance,
       Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20050131/df113a05/attachment.bin

More information about the freebsd-stable mailing list