[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#941663: marked as done (openssh-server: fatal: privsep_preauth: preauth child terminated by signal 31)

Your message dated Sat, 05 Oct 2019 22:16:46 +0000
with message-id <E1iGsM2-0006rt-Hn@fasolo.debian.org>
and subject line Bug#941663: fixed in openssh 1:8.0p1-7
has caused the Debian Bug report #941663,
regarding openssh-server: fatal: privsep_preauth: preauth child terminated by signal 31
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
941663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941663
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:7,9p1-10

We recently installed the latest openssl patches(https://www.debian.org/security/2019/dsa-4540 https://www.debian.org/security/2019/dsa-4539 ) on  a machine running Debian 10.1, since the upgrade, ssh connections are immediately dropped (below is an excerpt of auth.log with sshd LogLevel set to Debug)

Oct  3 08:50:24 debian sshd[8048]: debug1: Forked child 11290.
Oct  3 08:50:24 debian sshd[11290]: debug1: Set /proc/self/oom_score_adj to 0
Oct  3 08:50:24 debian sshd[11290]: debug1: rexec start in 6 out 6 newsock 6 pipe 8 sock 9
Oct  3 08:50:24 debian sshd[11290]: debug1: inetd sockets after dupping: 5, 5
Oct  3 08:50:24 debian sshd[11290]: Connection from 192.168.1.2 port 58940 on 165.112.184.218 port 22
Oct  3 08:50:24 debian sshd[11290]: debug1: Client protocol version 2.0; client software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
Oct  3 08:50:24 debian sshd[11290]: debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
Oct  3 08:50:24 debian sshd[11290]: debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10
Oct  3 08:50:24 debian sshd[11290]: debug1: permanently_set_uid: 102/65534 [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: SSH2_MSG_KEXINIT received [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: rekey after 134217728 blocks [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: rekey after 134217728 blocks [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: KEX done [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: userauth-request for user user service ssh-connection method none [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: attempt 0 failures 0 [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: PAM: initializing for "user"
Oct  3 08:50:24 debian sshd[11290]: debug1: PAM: setting PAM_RHOST to "192.168.1.2"
Oct  3 08:50:24 debian sshd[11290]: debug1: PAM: setting PAM_TTY to "ssh"
Oct  3 08:50:24 debian sshd[11290]: debug1: userauth-request for user user service ssh-connection method publickey [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: attempt 1 failures 0 [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:4aUmJoZ6m0NnB1TB3RFIggMUaFbQe96aod3SohrLgfw [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: temporarily_use_uid: 1003/1003 (e=0/0)
Oct  3 08:50:24 debian sshd[11290]: debug1: trying public key file /home/user/.ssh/authorized_keys
Oct  3 08:50:24 debian sshd[11290]: debug1: Could not open authorized keys '/home/user/.ssh/authorized_keys': No such file or directory
Oct  3 08:50:24 debian sshd[11290]: debug1: restore_uid: 0/0
Oct  3 08:50:24 debian sshd[11290]: Failed publickey for user from 192.168.1.2 port 58940 ssh2: RSA SHA256:L+JSUX+UtQA5J0GjsdbG1Su6Z9YgXb6EJA0KZ+AJuos
Oct  3 08:50:24 debian sshd[11290]: debug1: userauth-request for user user service ssh-connection method publickey [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: attempt 3 failures 2 [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:EdnXT/x3fRm1jl7Dpz2DWz8TUYphqEB71IuQtSkk/X0 [preauth]
Oct  3 08:50:24 debian sshd[11290]: debug1: temporarily_use_uid: 1003/1003 (e=0/0)
Oct  3 08:50:24 debian sshd[11290]: debug1: trying public key file /home/user/.ssh/authorized_keys
Oct  3 08:50:24 debian sshd[11290]: debug1: Could not open authorized keys '/home/user/.ssh/authorized_keys': No such file or directory
Oct  3 08:50:24 debian sshd[11290]: debug1: restore_uid: 0/0
Oct  3 08:50:24 debian sshd[11290]: debug1: temporarily_use_uid: 1003/1003 (e=0/0)
Oct  3 08:50:24 debian sshd[11290]: debug1: trying public key file /home/user/.ssh/authorized_keys2
Oct  3 08:50:24 debian sshd[11290]: debug1: Could not open authorized keys '/home/user/.ssh/authorized_keys2': No such file or directory
Oct  3 08:50:24 debian sshd[11290]: debug1: restore_uid: 0/0
Oct  3 08:50:24 debian sshd[11290]: Failed publickey for user from 192.168.1.2 port 58940 ssh2: RSA SHA256:EdnXT/x3fRm1jl7Dpz2DWz8TUYphqEB71IuQtSkk/X0
Oct  3 08:50:30 debian sshd[11290]: debug1: userauth-request for user user service ssh-connection method password [preauth]
Oct  3 08:50:30 debian sshd[11290]: debug1: attempt 4 failures 3 [preauth]
Oct  3 08:50:30 debian sshd[11290]: debug1: PAM: password authentication accepted for user
Oct  3 08:50:30 debian sshd[11290]: debug1: do_pam_account: called
Oct  3 08:50:30 debian sshd[11290]: Accepted password for user from 192.168.1.2 port 58940 ssh2
Oct  3 08:50:30 debian sshd[11290]: debug1: monitor_child_preauth: user has been authenticated by privileged process
Oct  3 08:50:30 debian sshd[11290]: debug1: monitor_read_log: child log fd closed
Oct  3 08:50:30 debian sshd[11290]: fatal: privsep_preauth: preauth child terminated by signal 31
Oct  3 08:50:30 debian sshd[11290]: debug1: do_cleanup


Is this a known issue? What else might we do to debug?



--- End Message ---
--- Begin Message --- 
Source: openssh
Source-Version: 1:8.0p1-7

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 941663@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 05 Oct 2019 22:41:11 +0100
Source: openssh
Architecture: source
Version: 1:8.0p1-7
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 941663
Changes:
 openssh (1:8.0p1-7) unstable; urgency=medium
 .
   [ Daniel Kahn Gillmor ]
   * runit: Correct typo in comment.
 .
   [ Colin Watson ]
   * Apply upstream patch to deny (non-fatally) shmget/shmat/shmdt in preauth
     privsep child, coping with changes in OpenSSL 1.1.1d that broke OpenSSH
     on Linux kernels before 3.19 (closes: #941663).
Checksums-Sha1:
 845ffb1cf50107edfbff879a1dc4f58c421f1a5f 3316 openssh_8.0p1-7.dsc
 d6e0f2d201fc9d3afb39a000dd6939b9f15a82a8 171932 openssh_8.0p1-7.debian.tar.xz
Checksums-Sha256:
 f84352fd957992c180ee5f0b5945e088a37f0318c80d76e89543f81ef98d9b7a 3316 openssh_8.0p1-7.dsc
 a00cdd0e7128dd6ea6e39e28190ebf3c60d9fe07c69b2f9279fa6d39f6f61fdd 171932 openssh_8.0p1-7.debian.tar.xz
Files:
 03792c71b8eaec1575c88680f5fc2621 3316 net standard openssh_8.0p1-7.dsc
 888bd7cff7d05985c40112d187bd965e 171932 net standard openssh_8.0p1-7.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAl2ZDjQACgkQOTWH2X2G
UAtt8g/+PA3HMab0EMswuT/fozLlBDXi3ozRxBllu4Efw8Ub6oCJvLeDisD62ywA
X7K8vKhrC5klvpTIB520wwo8TDDhXnEr5hrZ2dNzcCBkZAGVi6yRYk11I2gFqafX
AFQv3bbFbD0mwKGSFPZ8FyUsj3pjeXgWrXW2Z++LUecIoGd9PRnCftq+V6rUIWZ1
kKsEPXvmlCi+PDvvLnSDr1DUN4u0Ez5gF4F9ibVpx/04/iGt12kP71uQWhJMkg+C
Tv1At0kuelshmY+++mCR0JRRNLP/BOqNHDRamOLIM0RjZMHc1iWn7k/klqAi9lEC
egYR0WhmUEEbVxdDCabaVCmvK2ESO90hWBYD6fE7mtlSqNlws27H70IzNA/vLtip
6GNqVmi0/Hd8gOIm+9MY7WIRqshgffr6OLnrSpEO2KjWNXuXiTbqZ0bI4OnysSG4
Mm4TEOotYti2hg7mvcAj87fA6M4RjZZRYTwku7FploLCx8g/Azj+VNhRYBvyS+8U
tJxVD1ou3js9qLjUbP3Wneoxsejeq2x8W8i9FEib+mYAPdVqfNa0ur4YXJ/RqEHf
N4yn4v6DY+oM8ejL+Ja3q9g+SQkZNV+WKL/Qr7PDkgyiHh1tcW0t33mHehJlihbr
yS76HK8DztSSl4hP9gpYpz2HFlX82oWz1QK8paADbZwus5ofma0=
=JzQf
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: