Bug#965086: ssh: setgroups: Bad address [preauth]
Package: openssh-server
Version: 1:8.3p1-1
Severity: grave
Justification: renders package unusable
After an upgrade of libc6 today, I can no longer log into my
system using ssh:
tglase@tglase:~ $ ssh localhost
Connection reset by 127.0.0.1 port 22
Jul 15 22:33:17 tglase sshd[27084]: fatal: setgroups: Bad address [preauth]
More debugging:
tglase@tglase:~ $ sudo cleanenv / /usr/sbin/sshd -p2000 -ddde
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 329
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 329
debug2: /etc/ssh/sshd_config line 13: new include /etc/ssh/sshd_config.d/*.conf
debug2: /etc/ssh/sshd_config line 13: no match for /etc/ssh/sshd_config.d/*.conf
debug3: /etc/ssh/sshd_config:20 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:63 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:86 setting UsePAM yes
debug3: /etc/ssh/sshd_config:91 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:95 setting PrintMotd no
debug3: /etc/ssh/sshd_config:113 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:116 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug1: sshd version OpenSSH_8.3, OpenSSL 1.1.1g 21 Apr 2020
debug1: private host key #0: ssh-rsa SHA256:9ae2/1t8U30Savg3XisO1ZCDuaH8IXQm18FdLpW3g8M
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p2000'
debug1: rexec_argv[2]='-ddde'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2000 on 0.0.0.0.
Server listening on 0.0.0.0 port 2000.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 2000 on ::.
Server listening on :: port 2000.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 329
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config_depth: config rexec len 329
debug2: parse_server_config_depth: config len 0
debug3: rexec:20 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:63 setting ChallengeResponseAuthentication no
debug3: rexec:86 setting UsePAM yes
debug3: rexec:91 setting X11Forwarding yes
debug3: rexec:95 setting PrintMotd no
debug3: rexec:113 setting AcceptEnv LANG LC_*
debug3: rexec:116 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug1: sshd version OpenSSH_8.3, OpenSSL 1.1.1g 21 Apr 2020
debug1: private host key #0: ssh-rsa SHA256:9ae2/1t8U30Savg3XisO1ZCDuaH8IXQm18FdLpW3g8M
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 57626 on 127.0.0.1 port 2000 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.3p1 Debian-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.3p1 Debian-1
debug1: match: OpenSSH_8.3p1 Debian-1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 2057
debug3: preauth child monitor started
debug3: privsep user:group 111:65534 [preauth]
setgroups: Bad address [preauth]
debug1: do_cleanup [preauth]
debug3: PAM: sshpam_thread_cleanup entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 2057
debug1: audit_event: unhandled event 12
-- System Information:
Debian Release: bullseye/sid
APT prefers unreleased
APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable'), (100, 'experimental')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64
Kernel: Linux 5.7.0-1-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages openssh-server depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.74
ii dpkg 1.20.5
ii libaudit1 1:2.8.5-3+b1
ii libc6 2.31-1
ii libcom-err2 1.45.6-1
ii libcrypt1 1:4.4.16-1
ii libelogind0 [libsystemd0] 243.7-1+debian1
ii libgssapi-krb5-2 1.17-10
ii libkrb5-3 1.17-10
ii libpam-modules 1.3.1-5
ii libpam-runtime 1.3.1-5
ii libpam0g 1.3.1-5
ii libselinux1 3.1-1
ii libssl1.1 1.1.1g-1
ii libwrap0 7.6.q-30
ii lsb-base 11.1.0
ii openssh-client 1:8.3p1-1
ii openssh-sftp-server 1:8.3p1-1
ii procps 2:3.3.16-5
ii runit-helper 2.8.15
ii ucf 3.0043
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages openssh-server recommends:
ii libpam-elogind [logind] 243.7-1+debian1
pn ncurses-term <none>
ii xauth 1:1.0.10-1
Versions of packages openssh-server suggests:
ii kwalletcli [ssh-askpass] 3.02-1
ii molly-guard 0.7.2
pn monkeysphere <none>
pn ufw <none>
-- Configuration Files:
/etc/ssh/moduli changed [not included]
-- debconf information:
ssh/new_config: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/use_old_init_script: true
ssh/vulnerable_host_keys:
openssh-server/permit-root-login: true
ssh/disable_cr_auth: false
openssh-server/password-authentication: true
Reply to: