OK, I think I've followed instructions here. I built with the '#define SANDBOX_SECCOMP_FILTER_DEBUG 1' uncommented. Recalling at long last that Ubuntu is Debian (I use Red Hat/CentOS at work and get them confused), I used 'dpkg-buildpackage -rfakeroot -uc -b' to do the build; hope that's OK. I also found that I needed to comment away the four'#include' lines that follow the SANDBOX_SECCOMP_FILTER_DEBUG definition, or else I got many errors relating to conflicting structure definitions.
Attached tarball 'ssd-test-20171025.tar.gz' contains 'sshd.log', the result of running 'sudo sshd -p 2222 -ddd'. It also contains an etc/ hierarchy that includes the current /etc/ssh/sshd_config and the relevant files from /etc/pam.d. I also threw in the result of 'strace -f' applied to that command, in case it helps narrow the point of failure further. I took a quick troll through the output, and I don't *think* I see it revealing more than a few bytes of a private key. Thanks for responding! I hope this stuff helps to move the walls in on the problem. ** Attachment added: "Requested files from test on 2017-10-25" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1690485/+attachment/4995762/+files/sshd-test-20171025.tar.gz -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1690485 Title: openssh-server SIGSYS with 'UsePrivilegeSeparation sandbox' Status in openssh package in Ubuntu: New Bug description: The 'sshd' process gets 'authentication failure' and refuses to allow any login. dmesg indicates that the problem is SIGSYS on a call to 'socket' (syscall #41, signal #31). On a hunch, I decided to test whether the problem is related to 'seccomp' and changed /etc/ssh/sshd_config from the default # UsePrivilegeSeparation sandbox to the former standard value UsePrivilegeSeparation yes and logins started to work again. Obviously, I'd like to have the additional protection that sandboxing would give me. ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: openssh-server 1:7.4p1-10 ProcVersionSignature: Ubuntu 4.10.0-20.22-generic 4.10.8 Uname: Linux 4.10.0-20-generic x86_64 ApportVersion: 2.20.4-0ubuntu4 Architecture: amd64 CurrentDesktop: XFCE Date: Fri May 12 21:06:20 2017 InstallationDate: Installed on 2017-04-08 (35 days ago) InstallationMedia: SourcePackage: openssh UpgradeStatus: Upgraded to zesty on 2017-04-24 (19 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1690485/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
