[foofus-tools] Medusa SSH Failures

jmk jmk at foofus.net
Tue Mar 10 13:26:31 PDT 2009

Good afternoon,

I've received a number of direct emails regarding Medusa failing when
attempting to perform multiple concurrent logons via SSH. The displayed
message is typically the following:

medusa: ath.c:186: _gcry_ath_mutex_lock: Assertion `*lock ==
((ath_mutex_t) 0)' failed.

Libssh2, which Medusa leverages for SSH bruting, can be built to use
either libgcrypt or OpenSSL. It appears that several Linux
distributions, notably Debian and Ubuntu, ship with libssh2 built to use
libgcrypt. Unfortunately, I'm of the belief that something within how
libgcrypt and libssh2 play together isn't working so well for
multi-threaded applications.

Ideally, someone can track down why libgcrypt is throwing the assert and
find a solution. FWIW, I doubt this will be me. ;) The SSH module has
been working fine for me with my non-libgcrypt libssh2 environment (i.e.
simply build libssh2 with "./configure --without-libgcrypt").

I've also received concerns with regards to the speed of Medusa for SSH
bruting. Since we rely on libssh2, I don't believe there is much we can
do to speed things up. If people have experience with other SSH
libraries or open-source tools which perform this task better, please
let me know and I'll take a look at them.


More information about the foofus-tools mailing list