Bug#1004427: openssh-server: Connection reset when trying to establish a connection on armhf

2022-02-25 Thread Colin Watson
Source: openssh
Source-Version: 1:8.7p1-1

On Thu, Jan 27, 2022 at 02:52:31PM +0100, Benedikt Wildenhain wrote:
> audit(1643291311.540:31): auid=4294967295 uid=105 gid=65534 ses=4294967295 subj==unconfined pid=3813 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=4028 syscall=413 compat=0 ip=0xb6a8e3c6 >

This was fixed in OpenSSH 8.5p1:

  https://github.com/openssh/openssh-portable/commit/0f90440ca7

However, I think it would make sense to cherry-pick this patch to
bullseye.  I'll queue that up.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]




2022-02-25 Thread Colin Watson
On Fri, Feb 25, 2022 at 11:37:47AM +0100, Lionel Debroux wrote:
> After upgrading packages on a Debian sid i386 computer today, which
> contained a switch to OpenSSH_8.9p1 Debian-2 among other upgrades, I'm
> now experiencing the same symptoms:
> * [...]
> debug1: Killing privsep child 
> debug1: audit_event: unhandled event 12
> appears in the auth log;
> * an audit trace containing sig=31 syscall=414 appears in the kernel log.

This is probably https://bugs.debian.org/1006445, which is a separate
issue (the symptoms are different though superficially similar - the
syscall is different).

-- 
Colin Watson (he/him)  [cjwat...@debian.org]
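
Added example, not part of the original thread or of OpenSSH: a small decoder for the seccomp audit records quoted in these reports, showing that syscall=413 and syscall=414 are two different denied calls. The syscall table is a subset and assumes a 32-bit process, as in both reports; the second sample record is constructed.

```python
import re

AUDIT_SECCOMP = 1326  # kernel audit record type for a seccomp action
SIGSYS = 31           # sig= value in the records quoted in this thread

# Subset of the *_time64 syscalls added in Linux 5.1; 32-bit ABIs such as
# arm and i386 share these numbers. Assumption: the record comes from a
# 32-bit process, as in both reports here. Not a complete syscall table.
TIME64_SYSCALLS = {
    403: "clock_gettime64",
    407: "clock_nanosleep_time64",
    413: "pselect6_time64",
    414: "ppoll_time64",
    422: "futex_time64",
}

# key=value pairs; values may be quoted. "subj==unconfined" parses as
# key "subj" with value "=unconfined", which is harmless here.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_seccomp(record):
    """Return a summary dict for a seccomp kill record, or None otherwise."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(record)}
    # "type=" is absent when only the audit(...) part of the line is quoted.
    if int(fields.get("type", AUDIT_SECCOMP)) != AUDIT_SECCOMP:
        return None
    if "syscall" not in fields or fields.get("sig") != str(SIGSYS):
        return None
    nr = int(fields["syscall"])
    return {
        "pid": int(fields["pid"]) if "pid" in fields else None,
        "comm": fields.get("comm"),
        "syscall": nr,
        "name": TIME64_SYSCALLS.get(nr, "unknown (%d)" % nr),
    }

# First record: copied from the original report (joined onto one line).
REPORT_ARMHF = ('audit: type=1326 audit(1643291311.540:31): auid=4294967295 '
                'uid=105 gid=65534 ses=4294967295 subj==unconfined pid=3813 '
                'comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=4028 '
                'syscall=413 compat=0 ip=0xb6a8e3c6')
# Second record: constructed; only sig=31 and syscall=414 come from the thread.
REPORT_I386 = 'audit: type=1326 comm="sshd" sig=31 syscall=414'

if __name__ == "__main__":
    for rec in (REPORT_ARMHF, REPORT_I386):
        print(decode_seccomp(rec))
```

The pid in the first record (3813) matches the "Killing privsep child 3813" line in the sshd debug log, which ties the kernel record to the pre-auth child.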




2022-01-27 Thread Benedikt Wildenhain
Hello,

On Thu, Jan 27, 2022 at 02:52:31PM +0100, Benedikt Wildenhain wrote:
> Package: openssh-server
> Version: 1:8.4p1-5
> Severity: important
> X-Debbugs-Cc: benedikt.wildenh...@hs-bochum.de
> 
> ii  libc6  2.33-3

the issue can be fixed by downgrading libc6 to 2.31-13+deb11u2
(stable) or upgrading openssh-server to testing (8.7p1-4).

Regards,
Benedikt Wildenhain




2022-01-27 Thread Benedikt Wildenhain
Package: openssh-server
Version: 1:8.4p1-5
Severity: important
X-Debbugs-Cc: benedikt.wildenh...@hs-bochum.de

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
I installed openssh-server using tasksel.

   * What was the outcome of this action?
Trying to connect fails (also from external hosts):

# ssh -v localhost
OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k  25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5
debug1: match: OpenSSH_8.4p1 Debian-5 pat OpenSSH* compat 0x0400
debug1: Authenticating to localhost:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

journalctl -u ssh outputs the following at the same time (with Loglevel
debug):

Jan 27 14:48:31 jupiter sshd[3812]: debug1: Set /proc/self/oom_score_adj to 0
Jan 27 14:48:31 jupiter sshd[3812]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jan 27 14:48:31 jupiter sshd[3812]: debug1: inetd sockets after dupping: 4, 4
Jan 27 14:48:31 jupiter sshd[3812]: Connection from 127.0.0.1 port 45200 on 127.0.0.1 port 22 rdomain ""
Jan 27 14:48:31 jupiter sshd[3812]: debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5
Jan 27 14:48:31 jupiter sshd[3812]: debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5
Jan 27 14:48:31 jupiter sshd[3812]: debug1: match: OpenSSH_8.4p1 Debian-5 pat OpenSSH* compat 0x0400
Jan 27 14:48:31 jupiter sshd[3812]: debug1: permanently_set_uid: 105/65534 [preauth]
Jan 27 14:48:31 jupiter sshd[3812]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jan 27 14:48:31 jupiter sshd[3812]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jan 27 14:48:31 jupiter sshd[3812]: debug1: monitor_read_log: child log fd closed
Jan 27 14:48:31 jupiter sshd[3812]: debug1: do_cleanup
Jan 27 14:48:31 jupiter sshd[3812]: debug1: Killing privsep child 3813
Jan 27 14:48:31 jupiter sshd[3812]: debug1: audit_event: unhandled event 12
Jan 27 14:48:31 jupiter sshd[2759]: debug1: main_sigchld_handler: Child exited

journalctl -k outputs:
Jan 27 14:48:31 jupiter kernel: audit: type=1326 audit(1643291311.540:31): auid=4294967295 uid=105 gid=65534 ses=4294967295 subj==unconfined pid=3813 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=4028 syscall=413 compat=0 ip=0xb6a8e3c6 >

   * What outcome did you expect instead?

I can authenticate against the server.

Kind regards,
Benedikt Wildenhain

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'testing'), (500, 'stable')
Architecture: armhf (armv7l)

Kernel: Linux 5.15.0-3-armmp-lpae (SMP w/2 CPU threads)
Kernel taint flags: TAINT_CRAP, TAINT_UNSIGNED_MODULE
Locale: LANG=eo, LC_CTYPE=eo (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.77
ii  dpkg                   1.20.9
ii  libaudit1              1:3.0-2
ii  libc6                  2.33-3
ii  libcom-err2            1.46.2-2
ii  libcrypt1              1:4.4.18-4
ii  libgssapi-krb5-2       1.18.3-6+deb11u1
ii  libkrb5-3              1.18.3-6+deb11u1
ii  libpam-modules         1.4.0-9+deb11u1
ii  libpam-runtime         1.4.0-9+deb11u1
ii  libpam0g               1.4.0-9+deb11u1
ii  libselinux1            3.1-3
ii  libssl1.1