Bug#849923: marked as done (openssh-server: (default) UsePrivilegeSeparation sandbox broken on x32)

To: Colin Watson <cjwatson@debian.org>
Subject: Bug#849923: marked as done (openssh-server: (default) UsePrivilegeSeparation sandbox broken on x32)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 03 Jan 2017 15:09:05 +0000
Message-id: <[🔎] handler.849923.D849923.148345598322449.ackdone@bugs.debian.org>
References: <E1cOQfN-0005YG-UU@fasolo.debian.org> <[🔎] 148335341598.30620.12104753152429815323.reportbug@tglase.lan.tarent.de>

Your message dated Tue, 03 Jan 2017 15:06:21 +0000
with message-id <E1cOQfN-0005YG-UU@fasolo.debian.org>
and subject line Bug#849923: fixed in openssh 1:7.4p1-5
has caused the Debian Bug report #849923,
regarding openssh-server: (default) UsePrivilegeSeparation sandbox broken on x32
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
849923: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849923
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openssh-server: no login possible after upgrade on x32
From: Thorsten Glaser <tg@mirbsd.de>
Date: Mon, 02 Jan 2017 11:36:55 +0100
Message-id: <[🔎] 148335341598.30620.12104753152429815323.reportbug@tglase.lan.tarent.de>

Package: openssh-server
Version: 1:7.4p1-3
Severity: important

After upgrading from 1:7.3p1-5 to 1:7.4p1-3 I can no longer
'ssh localhost' on x32; switching to openssh-server:i386 with
the exact same configuration works, though.

Server log:

tglase@tglase:~ $ sudo cleanenv / /usr/sbin/sshd -ddddde
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 366
debug2: parse_server_config: config /etc/ssh/sshd_config len 366
debug3: /etc/ssh/sshd_config:18 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:33 setting PermitRootLogin prohibit-password
debug3: /etc/ssh/sshd_config:42 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:63 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:86 setting UsePAM yes
debug3: /etc/ssh/sshd_config:91 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:95 setting PrintMotd no
debug3: /etc/ssh/sshd_config:115 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:118 setting Subsystem sftp	/usr/lib/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2j  26 Sep 2016
debug1: private host key #0: ssh-rsa SHA256:9ae2/1t8U30Savg3XisO1ZCDuaH8IXQm18FdLpW3g8M
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddddde'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 366
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 366
debug3: rexec:18 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:33 setting PermitRootLogin prohibit-password
debug3: rexec:42 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: rexec:63 setting ChallengeResponseAuthentication no
debug3: rexec:86 setting UsePAM yes
debug3: rexec:91 setting X11Forwarding yes
debug3: rexec:95 setting PrintMotd no
debug3: rexec:115 setting AcceptEnv LANG LC_*
debug3: rexec:118 setting Subsystem sftp	/usr/lib/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2j  26 Sep 2016
debug1: private host key #0: ssh-rsa SHA256:9ae2/1t8U30Savg3XisO1ZCDuaH8IXQm18FdLpW3g8M
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 49750 on 127.0.0.1 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_7.4p1 Debian-3
debug1: match: OpenSSH_7.4p1 Debian-3 pat OpenSSH* compat 0x04000000
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-3
debug1: Enabling compatibility mode for protocol 2.0
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 31321
debug3: preauth child monitor started
debug3: privsep user:group 111:65534 [preauth]
debug1: permanently_set_uid: 111/65534 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256 [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,zlib@openssh.com [preauth]
debug2: compression stoc: none,zlib@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c [preauth]
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: rsa-sha2-512 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: hostkey proof signature 0x2318cb0(276)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 31321
debug1: audit_event: unhandled event 12

Client log:

tglase@tglase:~ $ ssh -F /dev/null -vvvvv localhost
OpenSSH_7.4p1 Debian-3, OpenSSL 1.0.2j  26 Sep 2016
debug1: Reading configuration data /dev/null
debug2: resolving "localhost" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/tglase/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-3
debug1: match: OpenSSH_7.4p1 Debian-3 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to localhost:22 as 'tglase'
debug3: hostkeys_foreach: reading file "/home/tglase/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/tglase/.ssh/known_hosts:2790
debug3: load_hostkeys: loaded 1 keys from localhost
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 127.0.0.1 port 22

Client log when successfully connecting to the i386 server:

tglase@tglase:~ $ ssh -F /dev/null -vvvvv localhost
OpenSSH_7.4p1 Debian-3, OpenSSL 1.0.2j  26 Sep 2016
debug1: Reading configuration data /dev/null
debug2: resolving "localhost" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/tglase/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/tglase/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-3
debug1: match: OpenSSH_7.4p1 Debian-3 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to localhost:22 as 'tglase'
debug3: hostkeys_foreach: reading file "/home/tglase/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/tglase/.ssh/known_hosts:2790
debug3: load_hostkeys: loaded 1 keys from localhost
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:9ae2/1t8U30Savg3XisO1ZCDuaH8IXQm18FdLpW3g8M
debug3: hostkeys_foreach: reading file "/home/tglase/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/tglase/.ssh/known_hosts:2790
debug3: load_hostkeys: loaded 1 keys from localhost
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/tglase/.ssh/known_hosts:2790
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/tglase/.ssh/id_rsa (0xc7e9a0), agent
debug2: key: /home/tglase/.ssh/id_dsa ((nil))
debug2: key: /home/tglase/.ssh/id_ecdsa ((nil))
debug2: key: /home/tglase/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/tglase/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 405
debug2: input_userauth_pk_ok: fp SHA256:5P4HaUvrwJVP/5u1NpDEckku9RNwy9weOs+NPhgSdXI
debug3: sign_and_send_pubkey: RSA SHA256:5P4HaUvrwJVP/5u1NpDEckku9RNwy9weOs+NPhgSdXI
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to localhost ([127.0.0.1]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Linux tglase.lan.tarent.de 4.8.0-1-amd64 #1 SMP Debian 4.8.5-1 (2016-10-28) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jan  2 11:35:28 2017 from 127.0.0.1
tglase@tglase:~ $ debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
^D
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug3: send packet: type 1
Connection to localhost closed.
Transferred: sent 3444, received 3356 bytes, in 1.3 seconds
Bytes per second: sent 2746.0, received 2675.9
debug1: Exit status 0


-- System Information:
Debian Release: stretch/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages openssh-server depends on:
ii  adduser                3.115
ii  debconf [debconf-2.0]  1.5.59
ii  dpkg                   1.18.18
ii  init-system-helpers    1.46
ii  libaudit1              1:2.6.7-1
ii  libc6                  2.24-8
ii  libcomerr2             1.43.3-1
ii  libgssapi-krb5-2       1.15-1
ii  libkrb5-3              1.15-1
ii  libpam-modules         1.1.8-3.4
ii  libpam-runtime         1.1.8-3.4
ii  libpam0g               1.1.8-3.4
ii  libselinux1            2.6-3
ii  libssl1.0.2            1.0.2j-5
ii  libsystemd0            232-8
ii  libwrap0               7.6.q-26
ii  lsb-base               9.20161125
ii  openssh-client         1:7.4p1-3
ii  openssh-sftp-server    1:7.4p1-3
ii  procps                 2:3.3.12-3
ii  ucf                    3.0036
ii  zlib1g                 1:1.2.8.dfsg-4

Versions of packages openssh-server recommends:
pn  libpam-systemd  <none>
pn  ncurses-term    <none>
ii  xauth           1:1.0.9-1

Versions of packages openssh-server suggests:
ii  kwalletcli [ssh-askpass]  3.00-1
ii  molly-guard               0.6.4
pn  monkeysphere              <none>
pn  rssh                      <none>
pn  ufw                       <none>

-- debconf information:
* ssh/use_old_init_script: true
  ssh/vulnerable_host_keys:
  ssh/disable_cr_auth: false
  openssh-server/permit-root-login: true
  ssh/new_config: true
  ssh/encrypted_host_key_but_no_keygen:

-- debsums errors found:
debsums: package openssh-server is not installed

--- End Message ---

--- Begin Message ---

To: 849923-close@bugs.debian.org
Subject: Bug#849923: fixed in openssh 1:7.4p1-5
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 03 Jan 2017 15:06:21 +0000
Message-id: <E1cOQfN-0005YG-UU@fasolo.debian.org>

Source: openssh
Source-Version: 1:7.4p1-5

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 849923@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 03 Jan 2017 14:43:28 +0000
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.4p1-5
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 849923
Changes:
 openssh (1:7.4p1-5) unstable; urgency=medium
 .
   * Create mux socket for regression tests in a temporary directory.
   * Work around clock_gettime kernel bug on Linux x32 (closes: #849923).
Checksums-Sha1:
 4c821110e475e857ba49d5271eec27c93f167917 2956 openssh_7.4p1-5.dsc
 4b49d5343fbbca3e0268558c7827ac4e8157ff84 157404 openssh_7.4p1-5.debian.tar.xz
Checksums-Sha256:
 4db3672c393dc69944a68e82773519d37c31d67c5f003fb03516e038347a7427 2956 openssh_7.4p1-5.dsc
 7cd48ba265be55eac54956ee2cb94c265f1885c74af328e2eadd73ce44357955 157404 openssh_7.4p1-5.debian.tar.xz
Files:
 28ba6f6a4e274c23f684a90b0ed83c58 2956 net standard openssh_7.4p1-5.dsc
 6f07a6e5c9db2c8115d81949936cc0df 157404 net standard openssh_7.4p1-5.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAlhruMYACgkQOTWH2X2G
UAsNLA/9FyeDPbkQiY4mhtqxFdDo3D4VEyg95Xp41bwqLv5mvhNn72+4Vrrfev2c
7+agp3WAoHp2+dsjO0/l9ActHQDtDN3xPKHJqIc5vVvX5fwBgMaUqV6uZHy44NUB
ioKtGcWoWTTN2/bYz7QGYe1Qc8hcTxO1T5LqyvrWya/GmHaiqPodX2ejtOqDH9FM
vTuhnS3KOS5lpR5FhYJUrXl5TPjQMAWfwi6CRTcwgBbsH8gRcnrIkAfx0mILD/CW
P70NCphlJV+Zs0p9YiMyFDhmFbpyghaK7f/5zwf86OFBmd7/DofsRYd/CjuV2EA4
BexMohSpcrUjf9YQwv+I/42WVwz7AYUtxVIqp7/gmgTuZl3vL78vz/qFIwpfrTyP
25nF9jdpn4DEpdCRj/8340zNUev1Oydj3bvMatqhxnrabc9HRT3nyN6CtNGUS2mu
ZGgByLQlkQyd+mUpwlfrcLs+N80ZZEY/EhovCqsAKXeOTHXYN2oquQ6Z+CkfcKkA
a9O+iHiQmO4wE2d1A6jfP5x8lc3+H80HuRqS0XhYcDY1D21uYj90UTwskXSWqTSI
ImUA9w1VgmLU5f/KC16X1vUgiy/j6V4bdHX6hxJRtLF1UBTPYaLj3uwBL3kkVyWG
Oqo4v51GI/HVAkmq6MlVh+rv/nIDoJtKfNbsGItoWBBlwLY2BqI=
=1TU0
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#849923: openssh-server: no login possible after upgrade on x32
  - From: Thorsten Glaser <tg@mirbsd.de>

Prev by Date: Bug#849923: openssh-server: no login possible after upgrade on x32
Next by Date: Processing of openssh_7.4p1-5_source.changes
Previous by thread: Bug#849923: openssh-server: no login possible after upgrade on x32
Next by thread: Processing of openssh_7.4p1-4_source.changes
Index(es):
- Date
- Thread