OpenSSH broken after updating to 8.9p1-2.ph4 #1505

Open
ufoonline opened this issue Sep 14, 2023 · 3 comments

@ufoonline

Describe the bug

OS: Photon OS 4.0
Latest known working OpenSSH version:
openssh-clients-8.8p1-3.ph4.x86_64
openssh-server-8.8p1-3.ph4.x86_64
openssh-8.8p1-3.ph4.x86_64

Latest available OpenSSH package:
openssh-server x86_64 8.9p1-2.ph4 photon-updates 1.14M 1196581
openssh-clients x86_64 8.9p1-2.ph4 photon-updates 4.83M 5061405
openssh x86_64 8.9p1-2.ph4 photon-updates 0.00b 0

Tested kernel:
5.10.142-1.ph4-esx
5.10.190-3.ph4-esx

After the upgrade:
1 - systemctl daemon-reload is not triggered
2 - the SSHd daemon is down
3 - If you manually start the daemon you will not be able to log in and the following error will be logged:
2023-09-14T06:26:26.681618+00:00 SRVNAME sshd[4675]: Server listening on 0.0.0.0 port 22.
2023-09-14T06:26:26.681856+00:00 SRVNAME sshd[4675]: Server listening on :: port 22.
2023-09-14T06:26:34.935768+00:00 SRVNAME sshd[4685]: Connection closed by 127.0.0.1 port 38882 [preauth]
2023-09-14T06:26:49.518524+00:00 SRVNAME sshd[4693]: [module:pam_lsass]pam_sm_authenticate: failed [error code:40017]
2023-09-14T06:26:49.524349+00:00 SRVNAME sshd[4693]: [module:pam_lsass]pam_sm_authenticate: failed [error code:40017]
2023-09-14T06:26:49.531977+00:00 SRVNAME sshd[4691]: Accepted keyboard-interactive/pam for support from 127.0.0.1 port 59004 ssh2
2023-09-14T06:26:49.532557+00:00 SRVNAME audit[4692]: SECCOMP auid=4294967295 uid=50 gid=50 ses=4294967295 subj=unconfined pid=4692 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=c000003e syscall=13 compat=0 ip=0x7f0d09dc8192 code=0x0
2023-09-14T06:26:49.532698+00:00 SRVNAME audit[4692]: ANOM_ABEND auid=4294967295 uid=50 gid=50 ses=4294967295 subj=unconfined pid=4692 comm="sshd" exe="/usr/sbin/sshd" sig=31 res=1
2023-09-14T06:26:49.532996+00:00 SRVNAME sshd[4691]: fatal: privsep_preauth: preauth child terminated by signal 31

Reproduction steps

  1. Upgrade openssh package from 8.8p1-3.ph4 to 8.9p1-2.ph4
  2. systemctl daemon-reload
  3. systemctl start ssh
    ...

Expected behavior

It would be possible to log in.

Additional context

No response

@ufoonline ufoonline added the bug label Sep 14, 2023
@ufoonline ufoonline changed the title OpenSSH broke after the update to 8.9p1-2.ph4 OpenSSH broken after updating to 8.9p1-2.ph4 Sep 14, 2023
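
Added example, not part of the issue or of the Photon OS project: a small triage script that decodes the `SECCOMP` audit record from the log above (architecture, syscall name, signal, seccomp action) and pairs it with the `privsep_preauth` fatal line from the sshd monitor. The function names are hypothetical, and the lookup tables are short excerpts of the Linux x86_64 constants.

```python
import re

# Three lines copied verbatim from the sshd log in the issue above.
SAMPLE_LOG = """\
2023-09-14T06:26:49.531977+00:00 SRVNAME sshd[4691]: Accepted keyboard-interactive/pam for support from 127.0.0.1 port 59004 ssh2
2023-09-14T06:26:49.532557+00:00 SRVNAME audit[4692]: SECCOMP auid=4294967295 uid=50 gid=50 ses=4294967295 subj=unconfined pid=4692 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=c000003e syscall=13 compat=0 ip=0x7f0d09dc8192 code=0x0
2023-09-14T06:26:49.532996+00:00 SRVNAME sshd[4691]: fatal: privsep_preauth: preauth child terminated by signal 31
"""

# Excerpts of kernel constants; extend for other architectures or syscalls.
AUDIT_ARCH = {0xC000003E: "x86_64"}
X86_64_SYSCALLS = {12: "brk", 13: "rt_sigaction", 14: "rt_sigprocmask", 15: "rt_sigreturn"}
SECCOMP_ACTIONS = {0x0: "SECCOMP_RET_KILL_THREAD"}
SIGNALS = {31: "SIGSYS"}

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
FATAL = re.compile(r"sshd\[\d+\]: fatal: privsep_preauth: preauth child terminated by signal (\d+)")

def decode_seccomp(line):
    """Decode one audit SECCOMP record; return None for any other line."""
    _, sep, body = line.partition(" SECCOMP ")
    if not sep:
        return None
    f = {k: v.strip('"') for k, v in KV.findall(body)}
    arch, nr, sig = int(f["arch"], 16), int(f["syscall"]), int(f["sig"])
    arch_name = AUDIT_ARCH.get(arch, f"unknown({arch:#x})")
    # Syscall numbers are per-architecture: only name them from a matching table.
    table = X86_64_SYSCALLS if arch_name == "x86_64" else {}
    return {
        "comm": f.get("comm"), "pid": int(f["pid"]), "arch": arch_name,
        "syscall": table.get(nr, f"unknown({nr})"),
        "signal": SIGNALS.get(sig, str(sig)), "signo": sig,
        "action": SECCOMP_ACTIONS.get(int(f["code"], 16), f["code"]),
    }

def triage(log):
    """Pair each sshd SECCOMP kill with a later privsep_preauth fatal line."""
    findings = []
    for line in log.splitlines():
        rec = decode_seccomp(line)
        if rec and rec["comm"] == "sshd":
            rec["monitor_fatal"] = False
            findings.append(rec)
        m = FATAL.search(line)
        for seen in findings:
            if m and seen["signo"] == int(m.group(1)):
                seen["monitor_fatal"] = True
    return findings
```

Run over the issue's log, `triage(SAMPLE_LOG)` reports that the sshd pre-authentication child (pid 4692) was killed with SIGSYS by its seccomp filter when it called `rt_sigaction`, which is the event the monitor then logs as "terminated by signal 31".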
@dcasota
Contributor

dcasota commented Sep 14, 2023

similar to #1480

@ufoonline
Author

Hello,

If I understood correctly, the workaround that the user put in place was to switch from sshd.socket to sshd.service. I did that but saw no improvement:
root@SRVNAME [ /etc/tdnf/locks.d ]# systemctl disable --now sshd.socket
Removed /etc/systemd/system/sockets.target.wants/sshd.socket.
root@SRVNAME [ /etc/tdnf/locks.d ]# systemctl daemon-reload
root@SRVNAME [ /etc/tdnf/locks.d ]# systemctl enable --now sshd.service
root@SRVNAME [ /etc/tdnf/locks.d ]# systemctl status sshd.socket
● sshd.socket
Loaded: loaded (/usr/lib/systemd/system/sshd.socket; disabled; vendor preset: enabled)
Active: inactive (dead) since Fri 2023-09-15 12:56:59 UTC; 15s ago
Listen: [::]:22 (Stream)
Accepted: 12; Connected: 1;

Sep 14 07:18:54 SRVNAME systemd[1]: Listening on sshd.socket.
Sep 15 12:56:59 SRVNAME systemd[1]: sshd.socket: Succeeded.
Sep 15 12:56:59 SRVNAME systemd[1]: Closed sshd.socket.
root@SRVNAME [ /etc/tdnf/locks.d ]# systemctl status sshd
● sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-09-15 12:57:01 UTC; 16s ago
Main PID: 4186 (sshd)
Tasks: 1 (limit: 9543)
Memory: 1.0M
CGroup: /system.slice/sshd.service
└─4186 sshd: /usr/sbin/sshd -D [listener] 0 of 10-60 startups

Sep 15 12:57:01 SRVNAME systemd[1]: Started OpenSSH Daemon.
Sep 15 12:57:01 SRVNAME sshd[4186]: Server listening on 0.0.0.0 port 22.
Sep 15 12:57:01 SRVNAME sshd[4186]: Server listening on :: port 22.
Sep 15 12:57:08 SRVNAME sshd[4192]: Accepted keyboard-interactive/pam for XXX\xxxxxx from 10.xxx.xxx.xxx port 57402 ssh2
Sep 15 12:57:08 SRVNAME sshd[4192]: fatal: privsep_preauth: preauth child terminated by signal 31
root@SRVNAME [ /etc/tdnf/locks.d ]#

Best Regards

@dcasota
Contributor

dcasota commented Sep 15, 2023

Hi @ufoonline, I see your point. Unfortunately the latest available openssh packages are not backported to 4.0, and the 8.9p1 with all bugs - and your issue mentioned - is the latest in 4.0. Assuming you've tested the distro update, actually I would stay on 8.8p1 or upgrade to Ph5.0 (+distro update).
