Thanks.  The strace is indeed useful, although it doesn't get us all the
way there.  This is very strange!  It appears that the network monitor
is attempting to create a Unix socket in the middle of sending a
USERAUTH_SUCCESS packet, which is peculiar to say the least.

This may take a few iterations.  Could you please revert your changes to
sandbox-seccomp-filter.c, and instead apply the attached patch?  You can
apply it with "patch -p1 </path/to/sshd-debug.patch", and then repeat
exactly what you did before to build and install it; I then only need
the strace, generated using the same procedure as before.  What I'm
trying to do here is to narrow down exactly where sshd is heading off to
try to create a socket.

** Patch added: "sshd-debug.patch"
   
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1690485/+attachment/4996722/+files/sshd-debug.patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1690485

Title:
  openssh-server SIGSYS with 'UsePrivilegeSeparation sandbox'

Status in openssh package in Ubuntu:
  New

Bug description:
  The 'sshd' process gets 'authentication failure' and refuses to allow
  any login.

  dmesg indicates that the problem is SIGSYS on a call to 'socket'
  (syscall #41, signal #31).

  On a hunch, I decided to test whether the problem is related to
  'seccomp' and changed /etc/ssh/sshd_config from the default

  # UsePrivilegeSeparation sandbox

  to the former standard value

  UsePrivilegeSeparation yes

  and logins started to work again.

  Obviously, I'd like to have the additional protection that sandboxing
  would give me.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: openssh-server 1:7.4p1-10
  ProcVersionSignature: Ubuntu 4.10.0-20.22-generic 4.10.8
  Uname: Linux 4.10.0-20-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Fri May 12 21:06:20 2017
  InstallationDate: Installed on 2017-04-08 (35 days ago)
  InstallationMedia:
   
  SourcePackage: openssh
  UpgradeStatus: Upgraded to zesty on 2017-04-24 (19 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1690485/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to