Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When disconnecting using OTP SSH - panic: runtime error: invalid memory address or nil pointer dereference #3995

Closed
Jared-Stensland opened this issue Feb 16, 2018 · 3 comments
Closed

When disconnecting using OTP SSH - panic: runtime error: invalid memory address or nil pointer dereference #3995

Jared-Stensland opened this issue Feb 16, 2018 · 3 comments

Comments

@Jared-Stensland
Copy link

Environment:

  • Vault Version: Vault v0.9.3 ('5acd6a21d5a69ab49d0f7c0bf540123a9b2c696d')

  • Operating System/Architecture: ubuntu 16.04

Vault Config File:
This is on the vault servers, not the machine where I get the panic.

storage "consul" {
  address = "127.0.0.1:8500"
  path    = "vault"
}

listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = "true"
}

telemetry {
}

Startup Log Output:

-- Logs begin at Thu 2018-02-15 23:38:01 UTC. --
Feb 16 21:17:44 ip-10-11-4-18 vault[1192]: 2018/02/16 21:17:44.209911 [INFO ] core: enabled credential backend: path=aws/ type=aws
Feb 16 21:34:08 ip-10-11-4-18 vault[1192]: 2018/02/16 21:34:08.053029 [INFO ] core: successful mount: path=ssh/ type=ssh

Expected Behavior:
I can terminate an SSH connection without an error.

Actual Behavior:

When you terminate a remote ssh connection, it terminates the connection and then throws this panic

Steps to Reproduce:

Install vault
Set VAULT_ADDR to vault server. (I am not using https)
Install and configure vault-ssh-helper on target machine (run in -dev mode) vault-ssh-helper v0.1.4
Set up OTP role in vault
Login to vault, and attempt to vault ssh to target machine. The error occurs when you close the connection.

$ vault ssh -mode=otp -role otp_key_role [email protected]
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-1047-aws x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

50 packages can be updated.
17 updates are security updates.


Last login: Fri Feb 16 22:48:28 2018 from 10.11.26.95
ubuntu@ip-10-11-34-99:~$ exit
logout
Connection to 10.11.34.99 closed.
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x7ad523]
.
.
.

If you don't specify the mode, you get the same panic immediately, rather than on disconnect

$ vault ssh -role otp_key_role [email protected]
WARNING: No -mode specified. Use -mode to tell Vault which ssh authentication
mode to use. In the future, you will need to tell Vault which mode to use.
For now, Vault will attempt to guess based on the API response. This guess
involves creating a temporary credential, reading its type, and then revoking
it. To reduce the number of API calls and surface area, specify -mode
directly. This will be removed in Vault 0.11 (or later).
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x7ad523]
.
.
.

Panics are in gist
https://gist.github.com/Jared-Janrain/9fd5c10f0ef20da86d0b62bf9033c77d
@jefferai
Copy link
Member

Likely a duplicate of #3922, any chance you can test with master?

@Jared-Stensland
Copy link
Author

Jared-Stensland commented Feb 17, 2018
edited
Loading

I went ahead and built from master, and it resolved the issue. Thank you.

@jefferai
Copy link
Member

Great!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jefferai @Jared-Stensland