
Re: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy



On Mon, Sep 17, 2018 at 12:00:48PM +0200, Joost van Baal-Ilić wrote:
> Hi,
> 
> On Mon, Sep 17, 2018 at 11:49:12AM +0200, Микаел Бак wrote:
> > On 2018-09-17 10:58, Joost van Baal-Ilić wrote:
> > >
> > >After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to 6.0p1-4+deb7u8,
> > >we see
> > >
> > >  Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 port 39792 ssh2
> > >  Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]
> > >
> > >.  Login fails:
> > >
> > >  joostvb@home:~% ssh root@host
> > >  Authentication failed.
> > >
> > >.  Downgrading back to 6.0p1-4+deb7u7 restores login functionality.
> > >
> > >Behaviour observed on 2 of our machines.  Possibly more debug information
> > >available; please ask.
> > >
> > 
> > I also get the same error on all my wheezy servers after updating the
> > openssh-server package. All of them are LXC containers running on an Ubuntu
> > 16.04 LTS host. Perhaps it has something to do with it.
> 
> FWIW; here it is VMWare guests running a pretty regular Debian 7/wheezy.
> 
> Thanks, Bye,
> 
> Joost
> 

I am the developer who prepared the problematic openssh update.

I have been trying to reproduce this problem, but I cannot trigger the
failure described.  Prior to your two reports I had received a report
via direct email from another user experiencing the same symptoms.

I tried a wheezy server running 1:6.0p1-4+deb7u7 and also
1:6.0p1-4+deb7u8 (I set up a fresh VM just for this test) against clients
running wheezy (1:6.0p1-4+deb7u7 and 1:6.0p1-4+deb7u8) as well as a
jessie client.  Every single authentication attempt succeeded.

Do you think you could provide some additional information to help me
reproduce the problem?

- architecture
- sshd_config from server and ssh_config from client (and any
  ~/.ssh/config involved if that is a factor)
- complete server-side log output of a failed login attempt (after
  setting the log level to debug or something else suitably verbose)
- complete client-side console output of a failed login attempt run with
  the -vvv option to the ssh command
- any other information that may identify unique aspects of your setup
  that might in any way be related to the failure

If you prefer not to share such via public list, please mail it to me
directly.  If you need to encrypt the email to me, my GPG key is
available in the Debian keyring (ID 0x7731FCCC63E4E277).

Regards,

-Roberto

-- 
Roberto C. Sánchez

