[Bug 1690485] Re: openssh-server SIGSYS with 'UsePrivilegeSeparation sandbox'

ChristianEhrhardt 1690485 at bugs.launchpad.net
Mon May 15 13:41:44 UTC 2017 

Hi Kevin,
I quickly checked in the default config in zesty but ssh logins are working fine (pw logins is what I tested).

There must be more to your config that triggers this.
Is what you see in dmesg an apparmor denial or something else?
Could you attach your dmesg covering the issue that you see?

You logs attached so far only hold plenty of:
May 12 19:17:15 hostname sshd[4241]: pam_unix(sshd:auth): check pass; user unknown
[...]
May 12 20:51:55 hostname sshd[8608]: error: maximum authentication attempts exceeded for root from 192.168.1.1 port 9990 ssh2 [preauth]
May 12 20:51:55 hostname sshd[8608]: PAM service(sshd) ignoring max retries; 6 > 3

But those could just as well be from your testing.

I imported your sshd config as auto attached to the report, restarted it
and it still worked fine. So we really would need more to help
debugging.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1690485

Title:
  openssh-server SIGSYS with 'UsePrivilegeSeparation sandbox'

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  The 'sshd' process gets 'authentication failure' and refuses to allow
  any login.

  dmesg indicates that the problem is SIGSYS on a call to 'socket'
  (syscall #41, signal #31).

  On a hunch, I decided to test whether the problem is related to
  'seccomp' and changed /etc/ssh/sshd_config from the default

  # UsePrivilegeSeparation sandbox

  to the former standard value

  UsePrivilegeSeparation yes

  and logins started to work again.

  Obviously, I'd like to have the additional protection that sandboxing
  would give me.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: openssh-server 1:7.4p1-10
  ProcVersionSignature: Ubuntu 4.10.0-20.22-generic 4.10.8
  Uname: Linux 4.10.0-20-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Fri May 12 21:06:20 2017
  InstallationDate: Installed on 2017-04-08 (35 days ago)
  InstallationMedia:
   
  SourcePackage: openssh
  UpgradeStatus: Upgraded to zesty on 2017-04-24 (19 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1690485/+subscriptions

More information about the foundations-bugs mailing list