[GE users] SSH Integrations -tight-ssh

mhanby mhanby at uab.edu
Tue Sep 22 15:09:51 BST 2009


If I run the following without patching sshd.c, openssh will compile fine
./aimk -no-dump -no-jni -no-java -tight-ssh

If I compile with the patched sshd.c it fails with this error:

gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o -L. -Lopenbsd-compat/ -L/home/mhanby/software/ge6.2u3-source/rocks5.2-BUILD/sge-V62u3/gridengine/source/usr/lib   -L/home/mhanby/software/ge6.2u3-source/rocks5.2-BUILD/sge-V62u3/gridengine/source/usr/lib/ -L. -rdynamic -Wl,-rpath,\$ORIGIN/../../lib/lx26-amd64 -lssh -lopenbsd-compat   -lcrypto -lutil -lz -lnsl  -L../../../LINUXAMD64_26 -L../../../3rdparty/remote/LINUXAMD64_26/ -lsgeremote -luti -lcommlists -llck -lrmon  -ljemalloc -lm -lpthread  -lcrypt -lresolv -lresolv
../../../3rdparty/remote/LINUXAMD64_26//libsgeremote.a(err_trace.o): In function `shepherd_error':
err_trace.c:(.text+0x1050): undefined reference to `g_new_interactive_job_support'
collect2: ld returned 1 exit status
make: *** [sshd] Error 1
not done

These are the full list of aimk commands that lead up to the building of -tight-ssh

./aimk -only-depend -no-dump
scripts/zerodepend
./aimk -no-dump depend
./aimk -no-dump -no-jni -no-java
./aimk -no-dump -no-jni -no-java -tight-ssh

And here's the patch file
--- sshd.c      2009-01-27 23:31:23.000000000 -0600
+++ sshd-sge.c  2009-09-21 11:19:50.000000000 -0500
@@ -695,7 +695,11 @@
        RAND_seed(rnd, sizeof(rnd));

        /* Drop privileges */
+#ifdef SGESSH_INTEGRATION
+       sgessh_do_setusercontext(authctxt->pw);
+#else
        do_setusercontext(authctxt->pw);
+#endif

  skip:
        /* It is safe now to apply the key state */
@@ -1257,6 +1261,9 @@
 #endif
        __progname = ssh_get_progname(av[0]);
        init_rng();
+#ifdef SGESSH_INTEGRATION
+       sgessh_readconfig();
+#endif

        /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
        saved_argc = ac;

I'm using the same version of openssh as exists on the system, OpenSSH_4.3p2, OpenSSL 0.9.8e

thanks for any insight,

Mike

-----Original Message-----
From: rayson [mailto:rayrayson at gmail.com] 
Sent: Monday, September 21, 2009 10:03 AM
To: users at gridengine.sunsource.net
Subject: Re: [GE users] SSH Integrations -tight-ssh

On 9/21/09, mhanby <mhanby at uab.edu> wrote:
> I've been reading through the examples, instructions, etc... on the web regarding building tight integration with SSH.
>
> I see some old posts that reference patching sshd.c (and in some examples other openssh source files).
>
> Is this still necessary with 6.2u3? Or does -tight-ssh do the patching on the fly (or not need it)? If it is necessary to patch the source files for openssh, where do I obtain the diff files?

There are 2 tight SGE-SSH integrations:

"Secure SGE Using Kerberos5, SSH and Accessing AFS"

and

"SGE-openSSH Tight Integration"

You can find the details of both at:

http://gridengine.sunsource.net/workshop10-12.09.07/proceedings.html

The 2nd one requires building with "-tight-ssh", and as of now you
still need to patch sshd.c in the OpenSSH source code.

Rayson




>
> I'm building it as follows:
>
> 1. Extract openssh-5.2p1.tar.gz to 3rdparty and rename the directory to 3rdparty/openssh
> 2. Build Grid Engine:
> ./aimk -only-depend -no-dump
> scripts/zerodepend
> ./aimk -no-dump depend
> ./aimk -no-dump -no-jni -no-java
> ./aimk -no-dump -no-jni -no-java -tight-ssh
> ./aimk -no-dump -man
>
> Following the build, I see the ssh binaries have been built, so -tight-ssh is successful in that regard.
>
> Thanks, Mike
>
> ------------------------------------------------------
> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=218211
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=218215

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=218380

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].



More information about the gridengine-users mailing list