Bug#1004427: openssh-server: Connection reset when trying to establish a connection on armhf
Package: openssh-server
Version: 1:8.4p1-5
Severity: important
X-Debbugs-Cc: benedikt.wildenhain@hs-bochum.de
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
I installed openssh-server using taskel.
* What was the outcome of this action?
Trying to connect fails (also from external hosts):
# ssh -v localhost
OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k 25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5
debug1: match: OpenSSH_8.4p1 Debian-5 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
journalctl -u ssh outputs the following at the same time (with Loglevel
debug):
Jan 27 14:48:31 jupiter sshd[3812]: debug1: Set /proc/self/oom_score_adj to 0
Jan 27 14:48:31 jupiter sshd[3812]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jan 27 14:48:31 jupiter sshd[3812]: debug1: inetd sockets after dupping: 4, 4
Jan 27 14:48:31 jupiter sshd[3812]: Connection from 127.0.0.1 port 45200 on 127.0.0.1 port 22 rdomain ""
Jan 27 14:48:31 jupiter sshd[3812]: debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5
Jan 27 14:48:31 jupiter sshd[3812]: debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5
Jan 27 14:48:31 jupiter sshd[3812]: debug1: match: OpenSSH_8.4p1 Debian-5 pat OpenSSH* compat 0x04000000
Jan 27 14:48:31 jupiter sshd[3812]: debug1: permanently_set_uid: 105/65534 [preauth]
Jan 27 14:48:31 jupiter sshd[3812]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jan 27 14:48:31 jupiter sshd[3812]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jan 27 14:48:31 jupiter sshd[3812]: debug1: monitor_read_log: child log fd closed
Jan 27 14:48:31 jupiter sshd[3812]: debug1: do_cleanup
Jan 27 14:48:31 jupiter sshd[3812]: debug1: Killing privsep child 3813
Jan 27 14:48:31 jupiter sshd[3812]: debug1: audit_event: unhandled event 12
Jan 27 14:48:31 jupiter sshd[2759]: debug1: main_sigchld_handler: Child exited
journalctl -k outputs:
Jan 27 14:48:31 jupiter kernel: audit: type=1326
audit(1643291311.540:31): auid=4294967295 uid=105 gid=65534 ses=4294967295 subj==unconfined pid=3813 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000028 syscall=413 compat=0 ip=0xb6a8e3c6 >
* What outcome did you expect instead?
I can authenticate against the server.
Kind regards,
Benedikt Wildenhain
-- System Information:
Debian Release: 11.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'testing'), (500, 'stable')
Architecture: armhf (armv7l)
Kernel: Linux 5.15.0-3-armmp-lpae (SMP w/2 CPU threads)
Kernel taint flags: TAINT_CRAP, TAINT_UNSIGNED_MODULE
Locale: LANG=eo, LC_CTYPE=eo (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openssh-server depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.77
ii dpkg 1.20.9
ii libaudit1 1:3.0-2
ii libc6 2.33-3
ii libcom-err2 1.46.2-2
ii libcrypt1 1:4.4.18-4
ii libgssapi-krb5-2 1.18.3-6+deb11u1
ii libkrb5-3 1.18.3-6+deb11u1
ii libpam-modules 1.4.0-9+deb11u1
ii libpam-runtime 1.4.0-9+deb11u1
ii libpam0g 1.4.0-9+deb11u1
ii libselinux1 3.1-3
ii libssl1.1 1.1.1k-1+deb11u1
ii libsystemd0 247.3-6
ii libwrap0 7.6.q-31
ii lsb-base 11.1.0
ii openssh-client 1:8.4p1-5
ii openssh-sftp-server 1:8.4p1-5
ii procps 2:3.3.17-5
ii runit-helper 2.10.3
ii ucf 3.0043
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages openssh-server recommends:
ii libpam-systemd [logind] 247.3-6
ii ncurses-term 6.2+20201114-2
ii xauth 1:1.1-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn ssh-askpass <none>
pn ufw <none>
-- debconf information:
openssh-server/password-authentication: true
openssh-server/permit-root-login: true
Reply to: