Bug#506938: openssh-server: Can't connect to sshd on vserver since the latest update in lenny (only on vservers)
Package: openssh-server
Version: 1:5.1p1-3
Severity: grave
Justification: renders package unusable
Since the last update the ssh-server won't accept connection if it runs on a
vserver. The ssh-server on non vservers runs normal. The ListenAddress is set
correctly and everythings worked fine before the update. No other options in
the sshd_config have been touched.
Debug output follows:
---Debug output from auth.log---
Nov 25 11:39:25 web sshd[13098]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Nov 25 11:39:25 web sshd[13091]: debug1: Forked child 13098.
Nov 25 11:39:25 web sshd[13098]: error writing /proc/self/oom_adj: Permission denied
Nov 25 11:39:25 web sshd[13098]: debug1: inetd sockets after dupping: 3, 3
Nov 25 11:39:25 web sshd[13098]: Connection from 192.168.0.140 port 52076
Nov 25 11:39:25 web sshd[13098]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1p1 Debian-3
Nov 25 11:39:25 web sshd[13098]: debug1: match: OpenSSH_5.1p1 Debian-3 pat OpenSSH*
Nov 25 11:39:25 web sshd[13098]: debug1: Enabling compatibility mode for protocol 2.0
Nov 25 11:39:25 web sshd[13098]: debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3
Nov 25 11:39:25 web sshd[13099]: fatal: chroot("/var/run/sshd"): Operation not permitted
Nov 25 11:39:25 web sshd[13099]: debug1: do_cleanup
Nov 25 11:39:25 web sshd[13098]: debug1: do_cleanup
------End of debug output------
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-vserver-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii dpkg 1.14.22 Debian package management system
ii libc6 2.7-16 GNU C Library: Shared libraries
ii libcomerr2 1.41.3-1 common error description library
ii libkrb53 1.6.dfsg.4~beta1-4 MIT Kerberos runtime libraries
ii libpam-modules 1.0.1-4 Pluggable Authentication Modules f
ii libpam-runtime 1.0.1-4 Runtime support for the PAM librar
ii libpam0g 1.0.1-4 Pluggable Authentication Modules l
ii libselinux1 2.0.65-5 SELinux shared libraries
ii libssl0.9.8 0.9.8g-14 SSL shared libraries
ii libwrap0 7.6.q-16 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii openssh-client 1:5.1p1-3 secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages openssh-server recommends:
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.3-2 X authentication utility
Versions of packages openssh-server suggests:
pn molly-guard <none> (no description available)
pn rssh <none> (no description available)
pn ssh-askpass <none> (no description available)
-- debconf information:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/vulnerable_host_keys:
ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
Reply to: