** Description changed:
[ Impact ]
* Unable to ssh into Ubuntu, using default sshd configuration, when hw
acceleration is enabled in openssl.
[ Proposed solution ]
* Cherrypick upstream fixes for:
- - sandboxing code on big endian
- - allowing hw accel iocls in the sandbox
--- Comment From heinz-werner_se...@de.ibm.com 2018-01-17 08:56 EDT---
IBM Bugzilla status -> closed, Fix Released by Canonical.
** Tags removed: verification-failed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
closing this ticket - since Zesty ran out of support on Jan the 13th:
https://www.google.de/url?https://lists.ubuntu.com/archives/ubuntu-announce/2018-January/000227.html
and kernel 4.10 is no longer supported.
Even on Xenial we moved the HWE kernel already from 4.10 to 4.13
** Changed in:
** Tags added: id-597a835aabb9be94fe80eb45
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection attempts fail if hw crypto support on s390x is
** Tags added: id-59a6de69fde9c920947b3d4b
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection attempts fail if hw crypto support on s390x is
Is there any plan to release this fix into Zesty (zesty-updates) ?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection attempts fail if hw crypto
This bug was fixed in the package openssh - 1:7.5p1-5ubuntu1
---
openssh (1:7.5p1-5ubuntu1) artful; urgency=low
* Merge from Debian unstable. Remaining changes:
- Cherrypick updated patchset to open up sandbox, when openssl engine calls
into OpenCryptoki for hardware
--- Comment From ebarre...@br.ibm.com 2017-07-28 16:01 EDT---
(In reply to comment #23)
> If the patch isn't getting any review on the upstream mailing list, then
> please open a bug on https://bugzilla.mindrot.org/ so that it doesn't fall
> through the cracks permanently.
Done:
If the patch isn't getting any review on the upstream mailing list, then
please open a bug on https://bugzilla.mindrot.org/ so that it doesn't
fall through the cracks permanently.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed
** Changed in: ubuntu-z-systems
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection attempts fail if hw
** Changed in: openssh (Ubuntu Artful)
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection attempts fail
I am preparing a test build of openssh as part of merging changes from
Debian, with the updated patchset that opens up more syscalls. This will
land in artful shortly - but currently artful is very busy with many
migration thus it may take some time before the package migrates from
proposed into
** Changed in: openssh (Ubuntu Artful)
Status: Fix Released => Triaged
** Changed in: openssh (Ubuntu Artful)
Importance: High => Critical
** Changed in: openssh (Ubuntu Zesty)
Status: In Progress => Confirmed
** Changed in: openssh (Ubuntu Zesty)
Importance: High =>
This bug was fixed in the package openssh - 1:7.5p1-3ubuntu1
---
openssh (1:7.5p1-3ubuntu1) artful; urgency=medium
* On s390x, allow geteuid syscall in the sandbox, to allow openssh
connections to work when hw accelerated cryptography is enabled. This
patch is to be
** Changed in: openssh (Ubuntu Artful)
Status: Triaged => Fix Committed
** Changed in: openssh (Ubuntu Zesty)
Status: Fix Committed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in
Excellent.
We need patch for 7.5p as well, because that is the release in artful,
current development series. If you could forward that one as well to us,
that would be great.
Regards,
Dimitri.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
May 05 10:45:13 s1lp15 sshd[138567]: fatal: ssh_sandbox_violation:
unexpected system call (arch:0x8016,syscall:201 @ 0x3ffb853fb32)
[preauth]
Syscall 201 is
{ "geteuid", 201 },
from seccomp sources.
It seems like more syscalls are used, when encryption enabled, at least
on Ubuntu, when
May 05 10:45:13 s1lp15 sshd[138567]: debug3: send packet: type 52 [preauth]
May 05 10:45:13 s1lp15 sshd[138567]: debug1: Enabling compression at level 6.
[preauth]
May 05 10:45:13 s1lp15 sshd[138567]: debug3: mm_request_send entering: type 26
[preauth]
May 05 10:45:13 s1lp15 sshd[138567]:
This does not appear to work with 7.5 either
** Changed in: openssh (Ubuntu Artful)
Status: Fix Released => Triaged
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
** Tags removed: verification-needed
** Tags added: verification-failed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection attempts fail if hw
ubuntu@zlin42:~$ sudo sh -c "echo 'deb http://ports.ubuntu.com/ubuntu-ports
$(lsb_release -sc)-proposed restricted main multiverse universe' >>
/etc/apt/sources.list.d/proposed-repositories.list"
ubuntu@zlin42:~$ sudo apt -y update -qq
12 packages can be upgraded. Run 'apt list --upgradable' to
** Changed in: ubuntu-z-systems
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection attempts fail if
Hello Frank, or anyone else affected,
Accepted openssh into zesty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssh/1:7.4p1-10ubuntu0.1 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Tags added: architecture-s39064 bugnameltc-153940 severity-high
targetmilestone-inin1704
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection
** Changed in: ubuntu-z-systems
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection attempts fail if hw
** Changed in: openssh (Ubuntu Zesty)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection attempts fail if
** Description changed:
+ [ Impact ]
+
+ * Unable to ssh into Ubuntu, using default sshd configuration, when hw
+ acceleration is enabled in openssl.
+
+ [ Proposed solution ]
+
+ * Cherrypick upstream fixes for:
+ - sandboxing code on big endian
+ - allowing hw accel iocls in the sandbox
7.5 is now in artful.
https://launchpad.net/ubuntu/+source/openssh/1:7.5p1-2
** Changed in: openssh (Ubuntu Artful)
Status: Triaged => Fix Released
** Changed in: openssh (Ubuntu Zesty)
Assignee: (unassigned) => Dimitri John Ledkov (xnox)
** Changed in: openssh (Ubuntu Zesty)
** Changed in: ubuntu-z-systems
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection attempts fail if hw crypto
** Changed in: openssh (Ubuntu)
Status: New => Triaged
** Changed in: openssh (Ubuntu)
Importance: Undecided => High
** Changed in: openssh (Ubuntu)
Assignee: (unassigned) => Dimitri John Ledkov (xnox)
** Changed in: openssh (Ubuntu)
Milestone: None => ubuntu-17.05
** Also
** Also affects: openssh (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1686618
Title:
ssh connection attempts fail
31 matches
Mail list logo