[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#932089: openssh-server: Cannot log into openssh-server on buster/mipsel

On Sun, Jul 14, 2019 at 10:26:05PM -0700, Francois Marier wrote:
>   $ auditctl -a exit,always -F uid="$(id -u sshd)"
>   Error - audit support not in kernel
>   Cannot open netlink audit socket
> Looks like I might be missing some kernel features. Perhaps sandboxing in
> openssh also relies on something that's not compiled in either? Is there an
> easy way to check?

audit was something that would have made this easier to debug, but isn't
required for normal functionality.

Now that you mention it, though, I do see this in your log:

  debug1: ssh_sandbox_child: prctl(PR_SET_SECCOMP): Invalid argument [preauth]

... which suggests that CONFIG_SECCOMP or CONFIG_SECCOMP_FILTER may be
disabled in your kernel.

However, openssh should just fall back to not using seccomp sandboxing
in that case.  It should make it easier to debug though!  Perhaps you
could run sshd under strace and we might be able to see where it goes
wrong there?  (Be careful with the strace output, as it will contain
secrets such as the private host key.)

> By the way, this machine is sadly not using a Debian kernel. It's using
> librecmc-ramips-mt7621-gb-pc1-squashfs-sysupgrade_2017-11-28.bin from
> https://github.com/gnubee-git/gnubee-git.github.io/blob/master/debian/.

I hope that the source for this is available somewhere and that it isn't
just a GPL violation?  I couldn't easily find the source.

Colin Watson                                       [cjwatson@debian.org]

Reply to: