[Bug 1690485] Re: openssh-server SIGSYS with 'UsePrivilegeSeparation sandbox'
KEVIN KENNY
1690485 at bugs.launchpad.net
Mon May 15 23:39:08 UTC 2017
I reset /etc/ssh/sshd_config to the attached version, and attempted

    ssh -v localhost

while logged in as username=kennykb uid=117

The output of 'ssh -v' is attached as 'sshclient.txt'.

The only lines that appeared in syslog after I restarted the daemon were
in the attached 'syslog.txt'.

The corresponding time period in auth.log is attached as 'authlog.txt'.

The contents of /etc/ssh/ssh_config at the time of the failure are
attached.

(I'll attach the files in the next few messages.)

The first is auth.log. 192.168.1.1 is my gateway machine. I see that I'm
being hammered 3-4 times a minute with unauthorized requests to log in
as root from some external machine. Isn't the internet a spectacularly
hostile place?

If this is not enough, what else do you need? Another developer
mentioned rebuilding from source with a particular debugging option
turned on - if you need this, can you give me a precise description of
the location and version of the package you want rebuilt and the exact
change you want?

** Attachment added: "auth.log from the ssh daemon restart through the login failure"
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1690485/+attachment/4877132/+files/authlog.txt
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1690485

Title:
  openssh-server SIGSYS with 'UsePrivilegeSeparation sandbox'

Status in openssh package in Ubuntu:
  New

Bug description:
  The 'sshd' process gets 'authentication failure' and refuses to allow
  any login.

  dmesg indicates that the problem is SIGSYS on a call to 'socket'
  (syscall #41, signal #31).

  On a hunch, I decided to test whether the problem is related to
  'seccomp' and changed /etc/ssh/sshd_config from the default

      # UsePrivilegeSeparation sandbox

  to the former standard value

      UsePrivilegeSeparation yes

  and logins started to work again.

  Obviously, I'd like to have the additional protection that sandboxing
  would give me.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: openssh-server 1:7.4p1-10
  ProcVersionSignature: Ubuntu 4.10.0-20.22-generic 4.10.8
  Uname: Linux 4.10.0-20-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Fri May 12 21:06:20 2017
  InstallationDate: Installed on 2017-04-08 (35 days ago)
  InstallationMedia:
  SourcePackage: openssh
  UpgradeStatus: Upgraded to zesty on 2017-04-24 (19 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1690485/+subscriptions
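
The bug description above identifies the failure from dmesg as SIGSYS on 'socket' (syscall #41, signal #31). As an added example, not part of the bug report or of OpenSSH, this script decodes the kernel's seccomp audit records (type=1326) into a syscall name and signal name. The sample dmesg lines, the uid/pid values and the function name decode_seccomp_events are constructed for illustration; the syscall table is a small x86_64 subset.

```python
import re

# Linux audit record type for a seccomp action (AUDIT_SECCOMP).
AUDIT_SECCOMP = "1326"
# AUDIT_ARCH_* values as printed in the arch= field (hex).
AUDIT_ARCH = {0xC000003E: "x86_64", 0x40000003: "i386"}
# Small subset of the x86_64 syscall table; extend as needed.
X86_64_SYSCALLS = {0: "read", 1: "write", 2: "open", 3: "close",
                   41: "socket", 42: "connect", 257: "openat"}
# Linux x86_64 signal numbers relevant here (hard-coded so the result
# does not depend on the platform running this script).
SIGNALS = {31: "SIGSYS", 9: "SIGKILL"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample input, not taken from the bug's attachments.
SAMPLE_DMESG = [
    '[  812.101010] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready',
    '[  845.332211] audit: type=1326 audit(1494623180.123:45): '
    'auid=4294967295 uid=106 gid=65534 ses=4294967295 pid=2211 '
    'comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=c000003e syscall=41 '
    'compat=0 ip=0x7f3a5c1e2a77 code=0x0',
]

def decode_seccomp_events(lines):
    """Return one dict per seccomp audit record found in `lines`."""
    events = []
    for line in lines:
        fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        if fields.get("type") != AUDIT_SECCOMP or "syscall" not in fields:
            continue
        arch = AUDIT_ARCH.get(int(fields.get("arch", "0"), 16), "unknown")
        nr, sig = int(fields["syscall"]), int(fields.get("sig", "0"))
        # Syscall numbers are per-architecture: only name them for x86_64.
        name = X86_64_SYSCALLS.get(nr) if arch == "x86_64" else None
        events.append({
            "comm": fields.get("comm"), "pid": int(fields.get("pid", "0")),
            "arch": arch, "syscall_nr": nr, "syscall": name or f"#{nr}",
            "signal": SIGNALS.get(sig, f"signal {sig}"),
        })
    return events

if __name__ == "__main__":
    for ev in decode_seccomp_events(SAMPLE_DMESG):
        print("{comm}[{pid}] blocked by seccomp: {syscall} "
              "(nr {syscall_nr}, {arch}) -> {signal}".format(**ev))
```

Feed it the output of dmesg or the kernel log; lines that are not seccomp audit records are skipped.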