[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#932089: openssh-server: Cannot log into openssh-server on buster/mipsel

On Sun, Jul 14, 2019 at 02:22:21PM -0700, Francois Marier wrote:
> $ systemctl stop sshd
> $ mkdir /run/sshd
> $ /usr/sbin/sshd -ddd

(You might find it more convenient to temporarily run sshd on a high
port using the -p option, rather than having to stop the system's sshd

> debug3: user_specific_delay: user specific delay 0.000ms [preauth]
> debug1: monitor_read_log: child log fd closed

Judging from this, the crash (or is it a hang?  I'm assuming a crash) is
near the start of ensure_minimum_time_since, probably inside
monotime_ts.  I suspect there's something wrong with the seccomp
sandboxing of the privileged monitor process on mipsel.

Could you try installing the auditd package, and then running this
before starting sshd:

  auditctl -a exit,always -F uid="$(id -u sshd)"

(Replace -a with -d to undo this.)  You should then get a log of
syscalls made by sshd's privileged monitor process in
/var/log/audit/audit.log; I'd like the lines containing the string

> 6. I explicitly disabled the sandbox using `UsePrivilegeSeparation yes` as
> per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868009.

You're right that this would once have been a good test to run to
exclude the possibility of a seccomp sandbox bug.  However, the ability
to configure UsePrivilegeSeparation was withdrawn in OpenSSH 7.5, so
this test is now ineffective.


Colin Watson                                       [cjwatson@debian.org]

Reply to: