Your message dated Thu, 19 Aug 2021 10:50:17 +0000 with message-id <[email protected]> and subject line Bug#934663: fixed in openssh 1:8.4p1-6 has caused the Debian Bug report #934663, regarding socket activated sshd sometimes complains about /run/sshd not being there to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 934663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934663 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: openssh-server Version: 1:7.9p1-10 Severity: minor Hi, I am running sshd with systemd socket activation, which is a non-standard configuration, hence severity: minor. Since the buster upgrade, on a host that is hit by ssh brute force attacks hundreds of times a day, I get "fatal: chroot("/run/sshd"): No such file or directory [preauth]" log entries about three times a day. When I look, /run/sshd is there. It is also confusing that the message does happen so seldomly, only in a very small fraction of cases. So it must be an exotic race condition. sshd doesn't delete and recreate the privsep directory after a chrooted daemon exits, does it? What I notice is that this message soemtimes happens when two connections come in together: Exapmle 1: syslog: Aug 13 05:25:03 q systemd[1]: Started OpenBSD Secure Shell server per-connection daemon (176.31.172.40:44702). Aug 13 05:25:07 q systemd[1]: Started OpenBSD Secure Shell server per-connection daemon (40.125.172.86:1088). Aug 13 05:25:08 q systemd[1]: [email protected]:22-176.31.172.40:44702.service: Succeeded. Aug 13 05:25:08 q systemd[1]: [email protected]:22-40.125.172.86:1088.service: Succeeded. auth.log: Aug 13 05:25:03 q sshd[13138]: Invalid user oracle from 176.31.172.40 port 44702 Aug 13 05:25:03 q sshd[13138]: pam_unix(sshd:auth): check pass; user unknown Aug 13 05:25:03 q sshd[13138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.172 Aug 13 05:25:05 q sshd[13138]: Failed password for invalid user oracle from 176.31.172.40 port 44702 ssh2 Aug 13 05:25:08 q sshd[13138]: Received disconnect from 176.31.172.40 port 44702:11: Bye Bye [preauth] Aug 13 05:25:08 q sshd[13138]: Disconnected from invalid user oracle 176.31.172.40 port 44702 [preauth] Aug 13 05:25:08 q sshd[13142]: fatal: chroot("/run/sshd"): No such file or directory [preauth] there were no auth.log entries for the connection from 40.125.172.86. Example 2: syslog: Aug 13 00:12:41 q systemd[1]: Started OpenBSD Secure Shell server per-connection daemon (192.117.186.215:34594). Aug 13 00:12:45 q systemd[1]: Started OpenBSD Secure Shell server per-connection daemon (222.255.146.19:54636). Aug 13 00:12:46 q systemd[1]: [email protected]:22-192.117.186.215:34594.service: Succeeded. Aug 13 00:12:46 q systemd[1]: [email protected]:22-222.255.146.19:54636.service: Succeeded. auth.log: Aug 13 00:12:42 q sshd[28305]: Invalid user tez from 192.117.186.215 port 34594 Aug 13 00:12:42 q sshd[28305]: pam_unix(sshd:auth): check pass; user unknown Aug 13 00:12:42 q sshd[28305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.117.18 Aug 13 00:12:44 q sshd[28305]: Failed password for invalid user tez from 192.117.186.215 port 34594 ssh2 Aug 13 00:12:46 q sshd[28305]: Received disconnect from 192.117.186.215 port 34594:11: Bye Bye [preauth] Aug 13 00:12:46 q sshd[28305]: Disconnected from invalid user tez 192.117.186.215 port 34594 [preauth] Aug 13 00:12:46 q sshd[28308]: fatal: chroot("/run/sshd"): No such file or directory [preauth] there were no auth.log entries for the connection from 222.255.146.19 This is not a big deal, but I'd really like to know that I am still running the sshd with privilege separation. Greetings Marc -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.2.7-zgsrv20080 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openssh-server depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.71 ii dpkg 1.19.7 ii libaudit1 1:2.8.4-3 ii libc6 2.28-10 ii libcom-err2 1.44.5-1 ii libgssapi-krb5-2 1.17-3 ii libkrb5-3 1.17-3 ii libpam-modules 1.3.1-5 ii libpam-runtime 1.3.1-5 ii libpam0g 1.3.1-5 ii libselinux1 2.8-1+b1 ii libssl1.1 1.1.1c-1 ii libsystemd0 241-5 ii libwrap0 7.6.q-28 ii lsb-base 10.2019051400 ii openssh-client 1:7.9p1-10 ii openssh-sftp-server 1:7.9p1-10 ii procps 2:3.3.15-2 ii ucf 3.0038+nmu1 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages openssh-server recommends: ii libpam-systemd 241-5 pn ncurses-term <none> pn xauth <none> Versions of packages openssh-server suggests: ii molly-guard 0.7.1 pn monkeysphere <none> pn rssh <none> pn ssh-askpass <none> pn ufw <none> -- debconf information: * ssh/use_old_init_script: true ssh/encrypted_host_key_but_no_keygen: * openssh-server/permit-root-login: true ssh/vulnerable_host_keys: * openssh-server/password-authentication: true ssh/disable_cr_auth: false
--- End Message ---
--- Begin Message ---Source: openssh Source-Version: 1:8.4p1-6 Done: Colin Watson <[email protected]> We believe that the bug you reported is fixed in the latest version of openssh, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Colin Watson <[email protected]> (supplier of updated openssh package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 19 Aug 2021 11:04:01 +0100 Source: openssh Architecture: source Version: 1:8.4p1-6 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers <[email protected]> Changed-By: Colin Watson <[email protected]> Closes: 934663 990456 992134 Changes: openssh (1:8.4p1-6) unstable; urgency=medium . [ Colin Watson ] * Rename ssh group to _ssh (closes: #990456). It's only used by ssh-agent. * debian/tests/regress: Don't fail cleanup if haveged isn't running. * Backport from upstream: - Add includes.h to compat tests (closes: #992134, LP: #1939751). * Use "command -v" in maintainer scripts rather than "which". . [ Athos Ribeiro ] * d/systemd/[email protected]: preserve the systemd managed runtime directory to ensure parallel processes will not disrupt one another when halting (LP: #1905285) (closes: #934663) Checksums-Sha1: 77a4d035d35386fb101351bf6abe19a45e40afcd 3353 openssh_8.4p1-6.dsc 01099792f97ccd4b5012e4db5e8fc9bf481e317d 180236 openssh_8.4p1-6.debian.tar.xz Checksums-Sha256: 692615840d985bc66b49992d42235f35cc8f5e78ace6ca7bcb979b3d92530cc8 3353 openssh_8.4p1-6.dsc a21f4a01ae6b19e929f164ff3a121939c4f83fc4dc868f2f815266dff93e0d1c 180236 openssh_8.4p1-6.debian.tar.xz Files: 6759698733983ca4f8066eee6bcd529d 3353 net standard openssh_8.4p1-6.dsc 96cb3dcf100d6ce3639a7079d73914ee 180236 net standard openssh_8.4p1-6.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmEeMm4ACgkQOTWH2X2G UAutOQ/+Lm9vbR9/3qMFXfKS1x+2vhk6dHO8976eCeabajvdpVJUndbI3sp4iPhC XV2gP7k0Cn73ZjrDy+yZyNrPn9s4t2+KrIO+EbqQN0wbeE/Q2IThDnPchZyTuQnj tA0ZlqQ7NEG7efZl8ftFHCdRg8KLY5nD8E9OrR3oxw7m+Dl3kQdo8S8Ha15vUW9v IouU6fcWYwDbzYo1XTZrrzh2RLsYP6nKBsoTiOOM+Op7lYGt+9impx5Y1A7zZZlH NOYj8yJBQuyS3WKWa58jiWghOIkhixf41kjZf8lyaO2EJvMhpgzHrPuawZn6fKiA oD5Y1kihmfUYXEZUVhjF1l2qczDIh10yQFDU2TIhUfuybLzUesID4JpEiQdxzyOa p2GA4diaKklotx7A/5Ki6eGikmcCpc+rEXnp4YK4mPNwrq7KZ1zkGINVzyq9dkhn 7lNO5pE3jf4bdKe4qn3vLUkgolnRJue73GNguHoZ3LAUkHr6Oc2Ul+vrypsHv0BH vyBsjOton7SqYq0WxYLRFEHWFoR6GSjRaafMgb1w5Gdh1EwSogXRpbaLEmL48Rdr PWOoz3F1ABfabVZPb/KCX6QTZD63QqABvFKraETcARcChi5jBLruHDmfjmStxFA/ dYfMhl9tpeZnxPd8Yh3bgmkU5Ym80zS7BzQGbE/Fww6rfy1TeQ4= =KO12 -----END PGP SIGNATURE-----
--- End Message ---
