Bug#645788: openssh-server: Workaround

To: Debian Bug Tracking System <645788@bugs.debian.org>
Subject: Bug#645788: openssh-server: Workaround
From: "Orlando Muñoz" <orlando.a.munoz@gmail.com>
Date: Fri, 12 Jul 2019 12:05:03 +0100
Message-id: <[🔎] 156292950387.13878.7120532739680039235.reportbug@ragnarok.asgard.org>
Reply-to: "Orlando Muñoz" <orlando.a.munoz@gmail.com>, 645788@bugs.debian.org
References: <20111018165607.6010.85252.reportbug@rohan.altum.de>

Package: openssh-server
Version: 1:7.9p1-10
Followup-For: Bug #645788

Dear Maintainer,

Authentication always failed when using sshd server launched from xinetd.
Issue was track down to the fact that sshd systemd script created a /run/sshd directory.
But that directory does not exist when called from xinetd.

Workarround was to place a conf file on /etc/tmffiles.d
---snip (sshd.conf)
d /run/sshd 0700 root root
---snip

This creates the required diretory during system startup on the dynamic /run (tmpfs).

I suggest removing the creation/deletion of the /run/sshd diretory from the ssh.service 
systemd service script, and placing a tmpfiles conf to do the same at startup.

That would work in both cases (standalone service and xinetd helper).

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=pt_PT.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.71
ii  dpkg                   1.19.7
ii  libaudit1              1:2.8.4-3
ii  libc6                  2.28-10
ii  libcom-err2            1.44.5-1
ii  libgssapi-krb5-2       1.17-3
ii  libkrb5-3              1.17-3
ii  libpam-modules         1.3.1-5
ii  libpam-runtime         1.3.1-5
ii  libpam0g               1.3.1-5
ii  libselinux1            2.8-1+b1
ii  libssl1.1              1.1.1c-1
ii  libsystemd0            241-5
ii  libwrap0               7.6.q-28
ii  lsb-base               10.2019051400
ii  openssh-client         1:7.9p1-10
ii  openssh-sftp-server    1:7.9p1-10
ii  procps                 2:3.3.15-2
ii  ucf                    3.0038+nmu1
ii  zlib1g                 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
ii  libpam-systemd  241-5
ii  ncurses-term    6.1+20181013-2
ii  xauth           1:1.0.10-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information:
  openssh-server/permit-root-login: true
  openssh-server/password-authentication: true

Reply to:

Prev by Date: Bug#931631: Wrong dependency on virtual logind packages
Next by Date: Bug#932071: openssh-client: [Regr. 7.9p1-10 -> 8.0p1-3] Always prompts for Yubikey (PKCS#11) PIN, even if already in agent
Previous by thread: Bug#931658: runit-init: Boot hangs with QEMU if openssh-server is installed
Next by thread: Bug#932071: openssh-client: [Regr. 7.9p1-10 -> 8.0p1-3] Always prompts for Yubikey (PKCS#11) PIN, even if already in agent
Index(es):
- Date
- Thread