Package: openssh-server Version: 1:8.4p1-5 Severity: important X-Debbugs-Cc: benedikt.wildenh...@hs-bochum.de
Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? I installed openssh-server using taskel. * What was the outcome of this action? Trying to connect fails (also from external hosts): # ssh -v localhost OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k 25 Mar 2021 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug1: Connecting to localhost [::1] port 22. debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5 debug1: match: OpenSSH_8.4p1 Debian-5 pat OpenSSH* compat 0x04000000 debug1: Authenticating to localhost:22 as 'root' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY journalctl -u ssh outputs the following at the same time (with Loglevel debug): Jan 27 14:48:31 jupiter sshd[3812]: debug1: Set /proc/self/oom_score_adj to 0 Jan 27 14:48:31 jupiter sshd[3812]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 Jan 27 14:48:31 jupiter sshd[3812]: debug1: inetd sockets after dupping: 4, 4 Jan 27 14:48:31 jupiter sshd[3812]: Connection from 127.0.0.1 port 45200 on 127.0.0.1 port 22 rdomain "" Jan 27 14:48:31 jupiter sshd[3812]: debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5 Jan 27 14:48:31 jupiter sshd[3812]: debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5 Jan 27 14:48:31 jupiter sshd[3812]: debug1: match: OpenSSH_8.4p1 Debian-5 pat OpenSSH* compat 0x04000000 Jan 27 14:48:31 jupiter sshd[3812]: debug1: permanently_set_uid: 105/65534 [preauth] Jan 27 14:48:31 jupiter sshd[3812]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] Jan 27 14:48:31 jupiter sshd[3812]: debug1: SSH2_MSG_KEXINIT sent [preauth] Jan 27 14:48:31 jupiter sshd[3812]: debug1: monitor_read_log: child log fd closed Jan 27 14:48:31 jupiter sshd[3812]: debug1: do_cleanup Jan 27 14:48:31 jupiter sshd[3812]: debug1: Killing privsep child 3813 Jan 27 14:48:31 jupiter sshd[3812]: debug1: audit_event: unhandled event 12 Jan 27 14:48:31 jupiter sshd[2759]: debug1: main_sigchld_handler: Child exited journalctl -k outputs: Jan 27 14:48:31 jupiter kernel: audit: type=1326 audit(1643291311.540:31): auid=4294967295 uid=105 gid=65534 ses=4294967295 subj==unconfined pid=3813 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000028 syscall=413 compat=0 ip=0xb6a8e3c6 > * What outcome did you expect instead? I can authenticate against the server. Kind regards, Benedikt Wildenhain -- System Information: Debian Release: 11.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'testing'), (500, 'stable') Architecture: armhf (armv7l) Kernel: Linux 5.15.0-3-armmp-lpae (SMP w/2 CPU threads) Kernel taint flags: TAINT_CRAP, TAINT_UNSIGNED_MODULE Locale: LANG=eo, LC_CTYPE=eo (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssh-server depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.77 ii dpkg 1.20.9 ii libaudit1 1:3.0-2 ii libc6 2.33-3 ii libcom-err2 1.46.2-2 ii libcrypt1 1:4.4.18-4 ii libgssapi-krb5-2 1.18.3-6+deb11u1 ii libkrb5-3 1.18.3-6+deb11u1 ii libpam-modules 1.4.0-9+deb11u1 ii libpam-runtime 1.4.0-9+deb11u1 ii libpam0g 1.4.0-9+deb11u1 ii libselinux1 3.1-3 ii libssl1.1 1.1.1k-1+deb11u1 ii libsystemd0 247.3-6 ii libwrap0 7.6.q-31 ii lsb-base 11.1.0 ii openssh-client 1:8.4p1-5 ii openssh-sftp-server 1:8.4p1-5 ii procps 2:3.3.17-5 ii runit-helper 2.10.3 ii ucf 3.0043 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages openssh-server recommends: ii libpam-systemd [logind] 247.3-6 ii ncurses-term 6.2+20201114-2 ii xauth 1:1.1-1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn ssh-askpass <none> pn ufw <none> -- debconf information: openssh-server/password-authentication: true openssh-server/permit-root-login: true
