
Bug#934663: marked as done (socket activated sshd sometimes complains about /run/sshd not being there)



Your message dated Thu, 19 Aug 2021 10:50:17 +0000
with message-id <E1mGfcn-0005dt-18@fasolo.debian.org>
and subject line Bug#934663: fixed in openssh 1:8.4p1-6
has caused the Debian Bug report #934663,
regarding socket activated sshd sometimes complains about /run/sshd not being there
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
934663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934663
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:7.9p1-10
Severity: minor

Hi,

I am running sshd with systemd socket activation, which is a
non-standard configuration, hence severity: minor.

Since the buster upgrade, on a host that is hit by ssh brute force
attacks hundreds of times a day, I get "fatal: chroot("/run/sshd"): No
such file or directory [preauth]" log entries about three times a day.

When I look, /run/sshd is there. It is also confusing that the message
happens so seldom, only in a very small fraction of cases. So it
must be an exotic race condition.

sshd doesn't delete and recreate the privsep directory after a chrooted
daemon exits, does it?

What I notice is that this message sometimes happens when two
connections come in together:

Example 1:

syslog:
Aug 13 05:25:03 q systemd[1]: Started OpenBSD Secure Shell server per-connection daemon (176.31.172.40:44702).
Aug 13 05:25:07 q systemd[1]: Started OpenBSD Secure Shell server per-connection daemon (40.125.172.86:1088).
Aug 13 05:25:08 q systemd[1]: ssh@17885-85.214.213.124:22-176.31.172.40:44702.service: Succeeded.
Aug 13 05:25:08 q systemd[1]: ssh@17886-85.214.213.138:22-40.125.172.86:1088.service: Succeeded.

auth.log:
Aug 13 05:25:03 q sshd[13138]: Invalid user oracle from 176.31.172.40 port 44702
Aug 13 05:25:03 q sshd[13138]: pam_unix(sshd:auth): check pass; user unknown
Aug 13 05:25:03 q sshd[13138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.172
Aug 13 05:25:05 q sshd[13138]: Failed password for invalid user oracle from 176.31.172.40 port 44702 ssh2
Aug 13 05:25:08 q sshd[13138]: Received disconnect from 176.31.172.40 port 44702:11: Bye Bye [preauth]
Aug 13 05:25:08 q sshd[13138]: Disconnected from invalid user oracle 176.31.172.40 port 44702 [preauth]
Aug 13 05:25:08 q sshd[13142]: fatal: chroot("/run/sshd"): No such file or directory [preauth]

There were no auth.log entries for the connection from 40.125.172.86.


Example 2:

syslog:
Aug 13 00:12:41 q systemd[1]: Started OpenBSD Secure Shell server per-connection daemon (192.117.186.215:34594).
Aug 13 00:12:45 q systemd[1]: Started OpenBSD Secure Shell server per-connection daemon (222.255.146.19:54636).
Aug 13 00:12:46 q systemd[1]: ssh@16199-85.214.213.124:22-192.117.186.215:34594.service: Succeeded.
Aug 13 00:12:46 q systemd[1]: ssh@16200-85.214.213.124:22-222.255.146.19:54636.service: Succeeded.

auth.log:
Aug 13 00:12:42 q sshd[28305]: Invalid user tez from 192.117.186.215 port 34594
Aug 13 00:12:42 q sshd[28305]: pam_unix(sshd:auth): check pass; user unknown
Aug 13 00:12:42 q sshd[28305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.117.18
Aug 13 00:12:44 q sshd[28305]: Failed password for invalid user tez from 192.117.186.215 port 34594 ssh2
Aug 13 00:12:46 q sshd[28305]: Received disconnect from 192.117.186.215 port 34594:11: Bye Bye [preauth]
Aug 13 00:12:46 q sshd[28305]: Disconnected from invalid user tez 192.117.186.215 port 34594 [preauth]
Aug 13 00:12:46 q sshd[28308]: fatal: chroot("/run/sshd"): No such file or directory [preauth]

There were no auth.log entries for the connection from 222.255.146.19.

This is not a big deal, but I'd really like to know that I am still
running the sshd with privilege separation.

Greetings
Marc

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.7-zgsrv20080 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.71
ii  dpkg                   1.19.7
ii  libaudit1              1:2.8.4-3
ii  libc6                  2.28-10
ii  libcom-err2            1.44.5-1
ii  libgssapi-krb5-2       1.17-3
ii  libkrb5-3              1.17-3
ii  libpam-modules         1.3.1-5
ii  libpam-runtime         1.3.1-5
ii  libpam0g               1.3.1-5
ii  libselinux1            2.8-1+b1
ii  libssl1.1              1.1.1c-1
ii  libsystemd0            241-5
ii  libwrap0               7.6.q-28
ii  lsb-base               10.2019051400
ii  openssh-client         1:7.9p1-10
ii  openssh-sftp-server    1:7.9p1-10
ii  procps                 2:3.3.15-2
ii  ucf                    3.0038+nmu1
ii  zlib1g                 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
ii  libpam-systemd  241-5
pn  ncurses-term    <none>
pn  xauth           <none>

Versions of packages openssh-server suggests:
ii  molly-guard   0.7.1
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information:
* ssh/use_old_init_script: true
  ssh/encrypted_host_key_but_no_keygen:
* openssh-server/permit-root-login: true
  ssh/vulnerable_host_keys:
* openssh-server/password-authentication: true
  ssh/disable_cr_auth: false

--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:8.4p1-6
Done: Colin Watson <cjwatson@debian.org>

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 934663@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Aug 2021 11:04:01 +0100
Source: openssh
Architecture: source
Version: 1:8.4p1-6
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 934663 990456 992134
Changes:
 openssh (1:8.4p1-6) unstable; urgency=medium
 .
   [ Colin Watson ]
   * Rename ssh group to _ssh (closes: #990456).  It's only used by
     ssh-agent.
   * debian/tests/regress: Don't fail cleanup if haveged isn't running.
   * Backport from upstream:
     - Add includes.h to compat tests (closes: #992134, LP: #1939751).
   * Use "command -v" in maintainer scripts rather than "which".
 .
   [ Athos Ribeiro ]
   * d/systemd/ssh@.service: preserve the systemd managed runtime directory to
     ensure parallel processes will not disrupt one another when halting
     (LP: #1905285) (closes: #934663)
Checksums-Sha1:
 77a4d035d35386fb101351bf6abe19a45e40afcd 3353 openssh_8.4p1-6.dsc
 01099792f97ccd4b5012e4db5e8fc9bf481e317d 180236 openssh_8.4p1-6.debian.tar.xz
Checksums-Sha256:
 692615840d985bc66b49992d42235f35cc8f5e78ace6ca7bcb979b3d92530cc8 3353 openssh_8.4p1-6.dsc
 a21f4a01ae6b19e929f164ff3a121939c4f83fc4dc868f2f815266dff93e0d1c 180236 openssh_8.4p1-6.debian.tar.xz
Files:
 6759698733983ca4f8066eee6bcd529d 3353 net standard openssh_8.4p1-6.dsc
 96cb3dcf100d6ce3639a7079d73914ee 180236 net standard openssh_8.4p1-6.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
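
The changelog attributes the failure to parallel `ssh@` instances disrupting one another when halting. The following is an added example, not part of the original messages or of the openssh package: it correlates each `chroot("/run/sshd")` failure with per-connection units that stopped around the same time, using the Example 1 lines from the report. The two-second window, the placeholder year and the final control line are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Example 1 from the report (syslog and auth.log merged), plus one constructed
# control line (Aug 14) with no unit stopping nearby.
SAMPLE = """\
Aug 13 05:25:03 q systemd[1]: Started OpenBSD Secure Shell server per-connection daemon (176.31.172.40:44702).
Aug 13 05:25:07 q systemd[1]: Started OpenBSD Secure Shell server per-connection daemon (40.125.172.86:1088).
Aug 13 05:25:08 q systemd[1]: ssh@17885-85.214.213.124:22-176.31.172.40:44702.service: Succeeded.
Aug 13 05:25:08 q systemd[1]: ssh@17886-85.214.213.138:22-40.125.172.86:1088.service: Succeeded.
Aug 13 05:25:08 q sshd[13142]: fatal: chroot("/run/sshd"): No such file or directory [preauth]
Aug 14 09:00:00 q sshd[20001]: fatal: chroot("/run/sshd"): No such file or directory [preauth]
"""

EXIT_RE = re.compile(r"systemd\[1\]: (ssh@\S+\.service): Succeeded\.")
FAIL_RE = re.compile(
    r'sshd\[(\d+)\]: fatal: chroot\("/run/sshd"\): No such file or directory')
PLACEHOLDER_YEAR = 2000  # syslog timestamps carry no year; only differences matter


def parse_ts(line):
    """Parse the 15-character syslog timestamp at the start of a line."""
    return datetime.strptime(f"{PLACEHOLDER_YEAR} {line[:15]}", "%Y %b %d %H:%M:%S")


def correlate(text, window=timedelta(seconds=2)):
    """Pair each privsep chroot failure with ssh@ units that stopped nearby."""
    exits, fails = [], []
    for line in text.splitlines():
        if m := EXIT_RE.search(line):
            exits.append((parse_ts(line), m.group(1)))
        elif m := FAIL_RE.search(line):
            fails.append((parse_ts(line), int(m.group(1))))
    report = []
    for ts, pid in fails:
        near = [unit for ets, unit in exits if abs(ets - ts) <= window]
        # The failing instance's own unit also logs "Succeeded", so two or more
        # stops in the window mean a sibling was halting at the same moment.
        report.append({"pid": pid, "stopped_units": near,
                       "race_suspected": len(near) >= 2})
    return report


if __name__ == "__main__":
    for row in correlate(SAMPLE):
        print(row)
```

A failure that is not flagged as `race_suspected` has no sibling instance stopping nearby and needs a different explanation for the missing directory.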
