I have verified the fix using openssh-server from noble-proposed. I created a container and enabled noble-proposed:

nr@six:~$ lxc launch ubuntu:noble noble
Launching noble
nr@six:~$ lxc exec noble bash
root@noble:~# cat > /etc/apt/sources.list.d/proposed.sources << EOF
> Types: deb
> URIs: http://us.archive.ubuntu.com/ubuntu/
> Suites: noble-proposed
> Components: main universe
> Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
> EOF
root@noble:~# apt update
Hit:1 http://archive.ubuntu.com/ubuntu noble InRelease
Hit:2 http://archive.ubuntu.com/ubuntu noble-updates InRelease
Hit:3 http://archive.ubuntu.com/ubuntu noble-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu noble-security InRelease
Get:5 http://us.archive.ubuntu.com/ubuntu noble-proposed InRelease [265 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 Packages [180 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu noble-proposed/main Translation-en [48.6 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 Components [22.0 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 c-n-f Metadata [3556 B]
Get:10 http://us.archive.ubuntu.com/ubuntu noble-proposed/universe amd64 Packages [650 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu noble-proposed/universe Translation-en [79.1 kB]
Get:12 http://us.archive.ubuntu.com/ubuntu noble-proposed/universe amd64 Components [68.0 kB]
Get:13 http://us.archive.ubuntu.com/ubuntu noble-proposed/universe amd64 c-n-f Metadata [10.7 kB]
Fetched 1326 kB in 1s (1275 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
16 packages can be upgraded. Run 'apt list --upgradable' to see them.

Then, I confirmed the bug was present with the CURRENT version:

root@noble:~# echo "LogLevel DEBUG" >> /etc/ssh/sshd_config.d/log-level.conf

In another terminal on my host, I ran:

ssh [email protected]

to initiate a session.

Then, back in the container:

root@noble:~# journalctl -t sshd -b -f
Oct 23 15:59:05 noble sshd[1283]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Oct 23 15:59:07 noble sshd[1283]: debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
Oct 23 15:59:07 noble sshd[1283]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Oct 23 15:59:07 noble sshd[1283]: debug1: rekey in after 134217728 blocks [preauth]
Oct 23 15:59:07 noble sshd[1283]: debug1: KEX done [preauth]
Oct 23 15:59:07 noble sshd[1283]: debug1: SSH2_MSG_EXT_INFO received [preauth]
Oct 23 15:59:07 noble sshd[1283]: debug1: kex_ext_info_check_ver: [email protected]=<0> [preauth]
Oct 23 15:59:08 noble sshd[1283]: debug1: userauth-request for user ubuntu service ssh-connection method none [preauth]
Oct 23 15:59:08 noble sshd[1283]: debug1: attempt 0 failures 0 [preauth]
Oct 23 15:59:08 noble sshd[1283]: debug1: PAM: initializing for "ubuntu"
Oct 23 15:59:08 noble sshd[1283]: debug1: PAM: setting PAM_RHOST to "10.19.111.1"
Oct 23 15:59:08 noble sshd[1283]: debug1: PAM: setting PAM_TTY to "ssh"
Oct 23 15:59:08 noble sshd[1283]: debug1: kex_server_update_ext_info: Sending SSH2_MSG_EXT_INFO [preauth]
Oct 23 15:59:08 noble sshd[1283]: debug1: userauth-request for user ubuntu service ssh-connection method publickey [preauth]
Oct 23 15:59:08 noble sshd[1283]: debug1: attempt 1 failures 0 [preauth]
Oct 23 15:59:08 noble sshd[1283]: debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:VMGz6tsZ02V9ratWlExePp9LaOe2qIr7SiWLHP2aGrM [preauth]
Oct 23 15:59:08 noble sshd[1283]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Oct 23 15:59:08 noble sshd[1283]: debug1: trying public key file /home/ubuntu/.ssh/authorized_keys
Oct 23 15:59:08 noble sshd[1283]: debug1: fd 3 clearing O_NONBLOCK
Oct 23 15:59:08 noble sshd[1283]: debug1: /home/ubuntu/.ssh/authorized_keys:1: matching key found: RSA SHA256:VMGz6tsZ02V9ratWlExePp9LaOe2qIr7SiWLHP2aGrM
Oct 23 15:59:08 noble sshd[1283]: debug1: /home/ubuntu/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Oct 23 15:59:08 noble sshd[1283]: Accepted key RSA SHA256:VMGz6tsZ02V9ratWlExePp9LaOe2qIr7SiWLHP2aGrM found at /home/ubuntu/.ssh/authorized_keys:1
Oct 23 15:59:08 noble sshd[1283]: debug1: restore_uid: 0/0
Oct 23 15:59:08 noble sshd[1283]: Postponed publickey for ubuntu from 10.19.111.1 port 33742 ssh2 [preauth]
Oct 23 15:59:08 noble sshd[1283]: debug1: userauth-request for user ubuntu service ssh-connection method [email protected] [preauth]
Oct 23 15:59:08 noble sshd[1283]: debug1: attempt 2 failures 0 [preauth]
Oct 23 15:59:08 noble sshd[1283]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Oct 23 15:59:08 noble sshd[1283]: debug1: trying public key file /home/ubuntu/.ssh/authorized_keys
Oct 23 15:59:08 noble sshd[1283]: debug1: fd 3 clearing O_NONBLOCK
Oct 23 15:59:08 noble sshd[1283]: debug1: /home/ubuntu/.ssh/authorized_keys:1: matching key found: RSA SHA256:VMGz6tsZ02V9ratWlExePp9LaOe2qIr7SiWLHP2aGrM
Oct 23 15:59:08 noble sshd[1283]: debug1: /home/ubuntu/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Oct 23 15:59:08 noble sshd[1283]: Accepted key RSA SHA256:VMGz6tsZ02V9ratWlExePp9LaOe2qIr7SiWLHP2aGrM found at /home/ubuntu/.ssh/authorized_keys:1
Oct 23 15:59:08 noble sshd[1283]: debug1: restore_uid: 0/0
Oct 23 15:59:08 noble sshd[1283]: debug1: auth_activate_options: setting new authentication options
Oct 23 15:59:08 noble sshd[1283]: debug1: do_pam_account: called
Oct 23 15:59:08 noble sshd[1283]: Accepted publickey for ubuntu from 10.19.111.1 port 33742 ssh2: RSA SHA256:VMGz6tsZ02V9ratWlExePp9LaOe2qIr7SiWLHP2aGrM
Oct 23 15:59:08 noble sshd[1283]: debug1: monitor_child_preauth: user ubuntu authenticated by privileged process
Oct 23 15:59:08 noble sshd[1283]: debug1: auth_activate_options: setting new authentication options [preauth]
Oct 23 15:59:08 noble sshd[1283]: debug1: monitor_read_log: child log fd closed
Oct 23 15:59:08 noble sshd[1283]: debug1: PAM: establishing credentials
Oct 23 15:59:08 noble sshd[1283]: pam_unix(sshd:session): session opened for user ubuntu(uid=1000) by ubuntu(uid=0)
Oct 23 15:59:08 noble sshd[1300]: run-parts: /etc/update-motd.d/98-fsck-at-reboot exited with return code 2
Oct 23 15:59:08 noble sshd[1283]: User child is on pid 1351
Oct 23 15:59:08 noble sshd[1351]: debug1: SELinux support disabled
Oct 23 15:59:08 noble sshd[1351]: debug1: PAM: establishing credentials
Oct 23 15:59:08 noble sshd[1351]: debug1: permanently_set_uid: 1000/1000
Oct 23 15:59:08 noble sshd[1351]: debug1: rekey in after 134217728 blocks
Oct 23 15:59:08 noble sshd[1351]: debug1: rekey out after 134217728 blocks
Oct 23 15:59:08 noble sshd[1351]: debug1: ssh_packet_set_postauth: called
Oct 23 15:59:08 noble sshd[1351]: debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Oct 23 15:59:08 noble sshd[1351]: debug1: Entering interactive session for SSH2.
Oct 23 15:59:08 noble sshd[1351]: debug1: server_init_dispatch
Oct 23 15:59:08 noble sshd[1351]: debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
Oct 23 15:59:08 noble sshd[1351]: debug1: input_session_request
Oct 23 15:59:08 noble sshd[1351]: debug1: channel 0: new session [server-session] (inactive timeout: 0)
Oct 23 15:59:08 noble sshd[1351]: debug1: session_new: session 0
Oct 23 15:59:08 noble sshd[1351]: debug1: session_open: channel 0
Oct 23 15:59:08 noble sshd[1351]: debug1: session_open: session 0: link with channel 0
Oct 23 15:59:08 noble sshd[1351]: debug1: server_input_channel_open: confirm session
Oct 23 15:59:08 noble sshd[1351]: debug1: server_input_global_request: rtype [email protected] want_reply 0
Oct 23 15:59:08 noble sshd[1351]: debug1: server_input_global_request: rtype [email protected] want_reply 1
Oct 23 15:59:08 noble sshd[1351]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Oct 23 15:59:08 noble sshd[1351]: debug1: session_by_channel: session 0 channel 0
Oct 23 15:59:08 noble sshd[1351]: debug1: session_input_channel_req: session 0 req pty-req
Oct 23 15:59:08 noble sshd[1351]: debug1: Allocating pty.
Oct 23 15:59:08 noble sshd[1283]: debug1: session_new: session 0
Oct 23 15:59:08 noble sshd[1283]: debug1: SELinux support disabled
Oct 23 15:59:08 noble sshd[1351]: debug1: session_pty_req: session 0 alloc /dev/pts/2
Oct 23 15:59:08 noble sshd[1351]: debug1: server_input_channel_req: channel 0 request env reply 0
Oct 23 15:59:08 noble sshd[1351]: debug1: session_by_channel: session 0 channel 0
Oct 23 15:59:08 noble sshd[1351]: debug1: session_input_channel_req: session 0 req env
Oct 23 15:59:08 noble sshd[1351]: debug1: server_input_channel_req: channel 0 request shell reply 1
Oct 23 15:59:08 noble sshd[1351]: debug1: session_by_channel: session 0 channel 0
Oct 23 15:59:08 noble sshd[1351]: debug1: session_input_channel_req: session 0 req shell
Oct 23 15:59:08 noble sshd[1351]: Starting session: shell on pts/2 for ubuntu from 10.19.111.1 port 33742 id 0
Oct 23 15:59:08 noble sshd[1352]: debug1: Setting controlling tty using TIOCSCTTY.
^C
root@noble:~# journalctl -t sshd -b --grep "rexec start"
root@noble:~#

Then, I installed the new version, and confirmed the fix:

root@noble:~# apt install -t noble-proposed openssh-server -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  openssh-client openssh-sftp-server
Suggested packages:
  keychain libpam-ssh monkeysphere ssh-askpass molly-guard
The following packages will be upgraded:
  openssh-client openssh-server openssh-sftp-server
3 upgraded, 0 newly installed, 0 to remove and 71 not upgraded.
Need to get 1451 kB of archives.
After this operation, 1024 B of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 openssh-sftp-server amd64 1:9.6p1-3ubuntu13.6 [37.3 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 openssh-server amd64 1:9.6p1-3ubuntu13.6 [509 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 openssh-client amd64 1:9.6p1-3ubuntu13.6 [905 kB]
Fetched 1451 kB in 4s (372 kB/s)
Preconfiguring packages ...
(Reading database ... 34495 files and directories currently installed.)
Preparing to unpack .../openssh-sftp-server_1%3a9.6p1-3ubuntu13.6_amd64.deb ...
Unpacking openssh-sftp-server (1:9.6p1-3ubuntu13.6) over (1:9.6p1-3ubuntu13.5) ...
Preparing to unpack .../openssh-server_1%3a9.6p1-3ubuntu13.6_amd64.deb ...
Unpacking openssh-server (1:9.6p1-3ubuntu13.6) over (1:9.6p1-3ubuntu13.5) ...
Preparing to unpack .../openssh-client_1%3a9.6p1-3ubuntu13.6_amd64.deb ...
Unpacking openssh-client (1:9.6p1-3ubuntu13.6) over (1:9.6p1-3ubuntu13.5) ...
Setting up openssh-client (1:9.6p1-3ubuntu13.6) ...
Setting up openssh-sftp-server (1:9.6p1-3ubuntu13.6) ...
Setting up openssh-server (1:9.6p1-3ubuntu13.6) ...
Replacing config file /etc/ssh/sshd_config with new version
Processing triggers for man-db (2.12.0-4build2) ...
Processing triggers for ufw (0.36.2-6) ...
Scanning processes...
Scanning candidates...
No services need to be restarted.
No containers need to be restarted.
User sessions running outdated binaries:
 ubuntu @ session #3217: sshd[1283]
No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@noble:~# systemctl stop ssh.service
Stopping 'ssh.service', but its triggering units are still active:
ssh.socket

In another terminal on my host, I ran:

ssh [email protected]

to initiate a session.

Then, back in the container:

root@noble:~# journalctl -t sshd -b -f --grep "rexec start"
Oct 23 16:00:51 noble sshd[1833]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8

** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble

https://bugs.launchpad.net/bugs/2071815

Title:
  Investigate ASLR re-randomization being disabled for children
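
The manual check in the message above (grep the sshd journal for "rexec start") can be done per connection. The following is an added example, not part of the original message or of OpenSSH or Ubuntu tooling: the function names are hypothetical, the sample journal lines are constructed from the format shown above, and it assumes that "rexec start" and "KEX done" for one connection are logged under the same PID and that LogLevel DEBUG is set.

```shell
#!/bin/sh
# Added example: list sshd connection PIDs that completed key exchange
# and say whether each one logged "rexec start" (needs LogLevel DEBUG).
# Assumption: both messages for a connection carry the same PID.

# Reads journalctl short-format lines on stdin; prints one
# "<pid> rexec" or "<pid> no-rexec" line per PID that logged "KEX done".
rexec_report() {
    awk '
        # The syslog identifier field looks like "sshd[1283]:"
        match($0, /sshd\[[0-9]+\]:/) {
            pid = substr($0, RSTART + 5, RLENGTH - 7)
            if ($0 ~ /debug1: rexec start /) rexec[pid] = 1
            if ($0 ~ /debug1: KEX done/)     kex[pid] = 1
        }
        END {
            for (pid in kex)
                print pid, ((pid in rexec) ? "rexec" : "no-rexec")
        }
    ' | sort -n
}

# Exit status 0 only when every connection seen was re-executed.
all_rexec() {
    ! rexec_report | grep -q 'no-rexec$'
}

# Constructed sample modelled on the session above: PID 1283 (before
# the upgrade) never re-execs, PID 1833 (after the upgrade) does.
sample_journal() {
    cat <<'EOF'
Oct 23 15:59:07 noble sshd[1283]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Oct 23 15:59:07 noble sshd[1283]: debug1: KEX done [preauth]
Oct 23 15:59:08 noble sshd[1283]: Accepted publickey for ubuntu from 10.19.111.1 port 33742 ssh2
Oct 23 16:00:51 noble sshd[1833]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Oct 23 16:00:52 noble sshd[1833]: debug1: KEX done [preauth]
EOF
}

sample_journal | rexec_report
```

On a live system the same functions read `journalctl -t sshd -b` output on stdin instead of the constructed sample.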
