Bug#932089: openssh-server: Cannot log into openssh-server on buster/mipsel
On Sun, Jul 14, 2019 at 02:22:21PM -0700, Francois Marier wrote:
> $ systemctl stop sshd
> $ mkdir /run/sshd
> $ /usr/sbin/sshd -ddd
(You might find it more convenient to temporarily run sshd on a high
port using the -p option, rather than having to stop the system's sshd
service.)
> debug3: user_specific_delay: user specific delay 0.000ms [preauth]
> debug1: monitor_read_log: child log fd closed
Judging from this, the crash (or is it a hang? I'm assuming a crash) is
near the start of ensure_minimum_time_since, probably inside
monotime_ts. I suspect there's something wrong with the seccomp
sandboxing of the privileged monitor process on mipsel.
Could you try installing the auditd package, and then running this
before starting sshd:
auditctl -a exit,always -F uid="$(id -u sshd)"
(Replace -a with -d to undo this.) You should then get a log of
syscalls made by sshd's privileged monitor process in
/var/log/audit/audit.log; I'd like the lines containing the string
'exe="/usr/sbin/sshd"'.
> 6. I explicitly disabled the sandbox using `UsePrivilegeSeparation yes` as
> per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868009.
You're right that this would once have been a good test to run to
exclude the possibility of a seccomp sandbox bug. However, the ability
to configure UsePrivilegeSeparation was withdrawn in OpenSSH 7.5, so
this test is now ineffective.
Thanks,
--
Colin Watson [cjwatson@debian.org]
Reply to: