Package: openssh-server
Version: 1:8.3p1-1
Severity: grave
Justification: renders package unusable

After an upgrade of libc6 today, I can no longer log into my
system using ssh:

tglase@tglase:~ $ ssh localhost
Connection reset by 127.0.0.1 port 22

Jul 15 22:33:17 tglase sshd[27084]: fatal: setgroups: Bad address [preauth]

More debugging:

tglase@tglase:~ $ sudo cleanenv / /usr/sbin/sshd -p2000 -ddde
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 329
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 329
debug2: /etc/ssh/sshd_config line 13: new include /etc/ssh/sshd_config.d/*.conf
debug2: /etc/ssh/sshd_config line 13: no match for /etc/ssh/sshd_config.d/*.conf
debug3: /etc/ssh/sshd_config:20 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:63 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:86 setting UsePAM yes
debug3: /etc/ssh/sshd_config:91 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:95 setting PrintMotd no
debug3: /etc/ssh/sshd_config:113 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:116 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug1: sshd version OpenSSH_8.3, OpenSSL 1.1.1g  21 Apr 2020
debug1: private host key #0: ssh-rsa SHA256:9ae2/1t8U30Savg3XisO1ZCDuaH8IXQm18FdLpW3g8M
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p2000'
debug1: rexec_argv[2]='-ddde'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2000 on 0.0.0.0.
Server listening on 0.0.0.0 port 2000.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 2000 on ::.
Server listening on :: port 2000.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 329
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config_depth: config rexec len 329
debug2: parse_server_config_depth: config  len 0
debug3: rexec:20 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:63 setting ChallengeResponseAuthentication no
debug3: rexec:86 setting UsePAM yes
debug3: rexec:91 setting X11Forwarding yes
debug3: rexec:95 setting PrintMotd no
debug3: rexec:113 setting AcceptEnv LANG LC_*
debug3: rexec:116 setting Subsystem sftp        /usr/lib/openssh/sftp-server
debug1: sshd version OpenSSH_8.3, OpenSSL 1.1.1g  21 Apr 2020
debug1: private host key #0: ssh-rsa SHA256:9ae2/1t8U30Savg3XisO1ZCDuaH8IXQm18FdLpW3g8M
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 57626 on 127.0.0.1 port 2000 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.3p1 Debian-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.3p1 Debian-1
debug1: match: OpenSSH_8.3p1 Debian-1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 2057
debug3: preauth child monitor started
debug3: privsep user:group 111:65534 [preauth]
setgroups: Bad address [preauth]
debug1: do_cleanup [preauth]
debug3: PAM: sshpam_thread_cleanup entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 2057
debug1: audit_event: unhandled event 12

-- System Information:
Debian Release: bullseye/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable'), (100, 'experimental')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 5.7.0-1-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages openssh-server depends on:
ii  adduser                    3.118
ii  debconf [debconf-2.0]      1.5.74
ii  dpkg                       1.20.5
ii  libaudit1                  1:2.8.5-3+b1
ii  libc6                      2.31-1
ii  libcom-err2                1.45.6-1
ii  libcrypt1                  1:4.4.16-1
ii  libelogind0 [libsystemd0]  243.7-1+debian1
ii  libgssapi-krb5-2           1.17-10
ii  libkrb5-3                  1.17-10
ii  libpam-modules             1.3.1-5
ii  libpam-runtime             1.3.1-5
ii  libpam0g                   1.3.1-5
ii  libselinux1                3.1-1
ii  libssl1.1                  1.1.1g-1
ii  libwrap0                   7.6.q-30
ii  lsb-base                   11.1.0
ii  openssh-client             1:8.3p1-1
ii  openssh-sftp-server        1:8.3p1-1
ii  procps                     2:3.3.16-5
ii  runit-helper               2.8.15
ii  ucf                        3.0043
ii  zlib1g                     1:1.2.11.dfsg-2

Versions of packages openssh-server recommends:
ii  libpam-elogind [logind]  243.7-1+debian1
pn  ncurses-term             <none>
ii  xauth                    1:1.0.10-1

Versions of packages openssh-server suggests:
ii  kwalletcli [ssh-askpass]  3.02-1
ii  molly-guard               0.7.2
pn  monkeysphere              <none>
pn  ufw                       <none>

-- Configuration Files:
/etc/ssh/moduli changed [not included]

-- debconf information:
  ssh/new_config: true
  ssh/encrypted_host_key_but_no_keygen:
* ssh/use_old_init_script: true
  ssh/vulnerable_host_keys:
  openssh-server/permit-root-login: true
  ssh/disable_cr_auth: false
  openssh-server/password-authentication: true
