On Sun, Jun 30, 2019 at 05:25:42AM -0300, Emilio López wrote:
> After enabling afalg engine on OpenSSL and configuring OpenSSH server to use
> the following ciphers, incoming ssh connections stop working. When a client
> tries to connect, you can observe the following message on the server's
> dmesg output:
>
> [271686.264598] audit: type=1326 audit(1561879548.303:14): auid=1000
> uid=104 gid=65534 ses=99 subj==unconfined pid=8164 comm="sshd"
> exe="/usr/sbin/sshd" sig=31 arch=40000028 syscall=281 compat=0 ip=0xb6a5ee6c
> code=0x0
>
> The device is a Buffalo Linkstation LS-WXL (armel, kirkwood). I would like to
> use the crypto hardware accelerator (marvell_cesa) on SSH to get better
> performance out of it, that's why I enabled the afalg engine.
>
> This happens both with openssh-server from buster and experimental. Syscall
> 281 appears to be socket(...) from what I could gather. Maybe it is necessary
> to add a few more allowed syscall rules to the seccomp sandbox in OpenSSH?

Thanks for your report. Would you mind filing this directly upstream?
This is the sort of thing I'd much rather get upstream review of.

https://bugzilla.mindrot.org/

Thanks,

--
Colin Watson [cjwat...@debian.org]
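
An added example, not part of the original thread and not OpenSSH or Debian code: a small Python decoder for the `type=1326` seccomp audit record quoted in the report, useful when triaging sandbox kills from dmesg or the audit log. The function and table names are assumptions of this example, and the syscall table is only the socket-family subset of the 32-bit ARM EABI numbers.

```python
import re

# Constructed for this example: socket-family subset of the 32-bit ARM EABI
# syscall table (not a complete table).
ARM_EABI_SYSCALLS = {
    281: "socket", 282: "bind", 283: "connect", 284: "listen",
    285: "accept", 290: "sendto", 292: "recvfrom",
    296: "sendmsg", 297: "recvmsg",
}
# AUDIT_ARCH_* value -> (name, table); 0x40000028 = EM_ARM | little-endian flag.
AUDIT_ARCHES = {0x40000028: ("arm", ARM_EABI_SYSCALLS)}
# Seccomp filter return actions (upper 16 bits of the "code" field).
SECCOMP_ACTIONS = {
    0x00000000: "KILL_THREAD", 0x80000000: "KILL_PROCESS",
    0x00030000: "TRAP", 0x00050000: "ERRNO", 0x7FFC0000: "LOG",
}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_seccomp_record(line):
    """Return a summary dict for an audit type=1326 (SECCOMP) record, else None."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    if fields.get("type") != "1326":
        return None
    arch = int(fields["arch"], 16)       # logged as bare hex
    nr = int(fields["syscall"])          # logged as decimal
    action = int(fields["code"], 16) & 0xFFFF0000
    arch_name, table = AUDIT_ARCHES.get(arch, (None, {}))
    return {
        "comm": fields.get("comm"),
        "exe": fields.get("exe"),
        "arch": arch_name,               # None if the arch is not in the table
        "syscall": nr,
        "syscall_name": table.get(nr),   # None if outside the subset above
        # Signal 31 is SIGSYS on Linux for ARM and x86.
        "signal": "SIGSYS" if fields.get("sig") == "31" else fields.get("sig"),
        "action": SECCOMP_ACTIONS.get(action),
    }

# The record quoted in the report above, joined onto one line.
REPORTED = ('[271686.264598] audit: type=1326 audit(1561879548.303:14): auid=1000 '
            'uid=104 gid=65534 ses=99 subj==unconfined pid=8164 comm="sshd" '
            'exe="/usr/sbin/sshd" sig=31 arch=40000028 syscall=281 compat=0 '
            'ip=0xb6a5ee6c code=0x0')

if __name__ == "__main__":
    print(decode_seccomp_record(REPORTED))
```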