I have confirmed the fix using openssh 1:9.6p1-3ubuntu13.10 from noble- proposed.
First, I reproduced the bug using the current version: nr@six:~$ lxc launch ubuntu:noble noble Launching noble nr@six:~$ lxc exec noble bash root@noble:~# cat > /etc/apt/sources.list.d/proposed.sources << EOF Types: deb URIs: http://us.archive.ubuntu.com/ubuntu/ Suites: noble-proposed Components: main universe Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg > EOF root@noble:~# apt update Get:1 http://us.archive.ubuntu.com/ubuntu noble-proposed InRelease [265 kB] Hit:2 http://archive.ubuntu.com/ubuntu noble InRelease Get:3 http://archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB] Get:4 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB] Get:5 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 Packages [243 kB] Get:6 http://us.archive.ubuntu.com/ubuntu noble-proposed/main Translation-en [56.0 kB] Get:7 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 Components [22.3 kB] Get:8 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 c-n-f Metadata [2248 B] Get:9 http://us.archive.ubuntu.com/ubuntu noble-proposed/universe amd64 Packages [470 kB] Get:10 http://us.archive.ubuntu.com/ubuntu noble-proposed/universe Translation-en [60.2 kB] Get:11 http://us.archive.ubuntu.com/ubuntu noble-proposed/universe amd64 Components [44.3 kB] Get:12 http://us.archive.ubuntu.com/ubuntu noble-proposed/universe amd64 c-n-f Metadata [7448 B] Get:13 http://archive.ubuntu.com/ubuntu noble-backports InRelease [126 kB] Get:14 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages [748 kB] Get:15 http://archive.ubuntu.com/ubuntu noble/universe amd64 Packages [15.0 MB] Get:16 http://security.ubuntu.com/ubuntu noble-security/main Translation-en [143 kB] Get:17 http://security.ubuntu.com/ubuntu noble-security/main amd64 Components [8956 B] Get:18 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Packages [830 kB] Get:19 http://security.ubuntu.com/ubuntu noble-security/universe Translation-en [181 kB] Get:20 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Components [52.2 kB] Get:21 http://security.ubuntu.com/ubuntu noble-security/universe amd64 c-n-f Metadata [17.0 kB] Get:22 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 Packages [859 kB] Get:23 http://security.ubuntu.com/ubuntu noble-security/restricted Translation-en [175 kB] Get:24 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 Components [212 B] Get:25 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Packages [17.6 kB] Get:26 http://security.ubuntu.com/ubuntu noble-security/multiverse Translation-en [3792 B] Get:27 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Components [208 B] Get:28 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 c-n-f Metadata [380 B] Get:29 http://archive.ubuntu.com/ubuntu noble/universe Translation-en [5982 kB] Get:30 http://archive.ubuntu.com/ubuntu noble/universe amd64 Components [3871 kB] Get:31 http://archive.ubuntu.com/ubuntu noble/universe amd64 c-n-f Metadata [301 kB] Get:32 http://archive.ubuntu.com/ubuntu noble/multiverse amd64 Packages [269 kB] Get:33 http://archive.ubuntu.com/ubuntu noble/multiverse Translation-en [118 kB] Get:34 http://archive.ubuntu.com/ubuntu noble/multiverse amd64 Components [35.0 kB] Get:35 http://archive.ubuntu.com/ubuntu noble/multiverse amd64 c-n-f Metadata [8328 B] Get:36 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages [1020 kB] Get:37 http://archive.ubuntu.com/ubuntu noble-updates/main Translation-en [223 kB] Get:38 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Components [151 kB] Get:39 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 Packages [1056 kB] Get:40 http://archive.ubuntu.com/ubuntu noble-updates/universe Translation-en [266 kB] Get:41 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 Components [367 kB] Get:42 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 c-n-f Metadata [26.0 kB] Get:43 http://archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Packages [951 kB] Get:44 http://archive.ubuntu.com/ubuntu noble-updates/restricted Translation-en [195 kB] Get:45 http://archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Components [212 B] Get:46 http://archive.ubuntu.com/ubuntu noble-updates/multiverse amd64 Packages [21.5 kB] Get:47 http://archive.ubuntu.com/ubuntu noble-updates/multiverse Translation-en [4788 B] Get:48 http://archive.ubuntu.com/ubuntu noble-updates/multiverse amd64 Components [940 B] Get:49 http://archive.ubuntu.com/ubuntu noble-updates/multiverse amd64 c-n-f Metadata [592 B] Get:50 http://archive.ubuntu.com/ubuntu noble-backports/main amd64 Packages [39.1 kB] Get:51 http://archive.ubuntu.com/ubuntu noble-backports/main Translation-en [8676 B] Get:52 http://archive.ubuntu.com/ubuntu noble-backports/main amd64 Components [7064 B] Get:53 http://archive.ubuntu.com/ubuntu noble-backports/main amd64 c-n-f Metadata [272 B] Get:54 http://archive.ubuntu.com/ubuntu noble-backports/universe amd64 Packages [27.1 kB] Get:55 http://archive.ubuntu.com/ubuntu noble-backports/universe Translation-en [16.5 kB] Get:56 http://archive.ubuntu.com/ubuntu noble-backports/universe amd64 Components [15.8 kB] Get:57 http://archive.ubuntu.com/ubuntu noble-backports/universe amd64 c-n-f Metadata [1304 B] Get:58 http://archive.ubuntu.com/ubuntu noble-backports/restricted amd64 Components [216 B] Get:59 http://archive.ubuntu.com/ubuntu noble-backports/restricted amd64 c-n-f Metadata [116 B] Get:60 http://archive.ubuntu.com/ubuntu noble-backports/multiverse amd64 Components [212 B] Get:61 http://archive.ubuntu.com/ubuntu noble-backports/multiverse amd64 c-n-f Metadata [116 B] Fetched 34.6 MB in 5s (6552 kB/s) Reading package lists... Done Building dependency tree... Done Reading state information... Done 27 packages can be upgraded. Run 'apt list --upgradable' to see them. root@noble:~# echo "LogLevel DEBUG" >> /etc/ssh/sshd_config.d/log-level.conf root@noble:~# su - ubuntu To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details. ubuntu@noble:~$ ssh-import-id enr0n 2025-04-18 19:18:00,520 INFO Authorized key ['3072', 'SHA256:VMGz6tsZ02V9ratWlExePp9LaOe2qIr7SiWLHP2aGrM', 'nr@six', '(RSA)'] 2025-04-18 19:18:00,521 INFO [1] SSH keys [Authorized] ubuntu@noble:~$ logout From another terminal, I connected to the container with: $ ssh [email protected] Back in the container: root@noble:~# systemctl status ssh ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/usr/lib/systemd/system/ssh.service; disabled; preset: enabled) Active: active (running) since Fri 2025-04-18 19:18:38 UTC; 29s ago TriggeredBy: ● ssh.socket Docs: man:sshd(8) man:sshd_config(5) Process: 1054 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS) Main PID: 1055 (sshd) Tasks: 1 (limit: 18290) Memory: 2.1M (peak: 3.1M) CPU: 92ms CGroup: /system.slice/ssh.service └─1055 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups" Apr 18 19:18:47 noble sshd[1059]: debug1: do_pam_account: called Apr 18 19:18:47 noble sshd[1059]: Accepted publickey for ubuntu from 10.19.111.1 port 38958 ssh2: RSA SHA256:VMGz6tsZ0> Apr 18 19:18:47 noble sshd[1059]: debug1: monitor_child_preauth: user ubuntu authenticated by privileged process Apr 18 19:18:47 noble sshd[1059]: debug1: auth_activate_options: setting new authentication options [preauth] Apr 18 19:18:47 noble sshd[1059]: debug1: monitor_read_log: child log fd closed Apr 18 19:18:47 noble sshd[1059]: debug1: PAM: establishing credentials Apr 18 19:18:47 noble sshd[1059]: pam_unix(sshd:session): session opened for user ubuntu(uid=1000) by ubuntu(uid=0) Apr 18 19:18:48 noble sshd[1059]: User child is on pid 1127 Apr 18 19:18:48 noble sshd[1059]: debug1: session_new: session 0 Apr 18 19:18:48 noble sshd[1059]: debug1: SELinux support disabled root@noble:~# journalctl -t sshd -b --grep "rexec start" -- No entries -- Then, I installed openssh-server from noble-proposed and tried again: root@noble:~# apt install -t noble-proposed openssh-server -y Reading package lists... Done Building dependency tree... Done Reading state information... Done The following additional packages will be installed: openssh-client openssh-sftp-server Suggested packages: keychain libpam-ssh monkeysphere ssh-askpass molly-guard The following packages will be upgraded: openssh-client openssh-server openssh-sftp-server 3 upgraded, 0 newly installed, 0 to remove and 50 not upgraded. Need to get 1452 kB of archives. After this operation, 0 B of additional disk space will be used. Get:1 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 openssh-sftp-server amd64 1:9.6p1-3ubuntu13.10 [37.3 kB] Get:2 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 openssh-server amd64 1:9.6p1-3ubuntu13.10 [509 kB] Get:3 http://us.archive.ubuntu.com/ubuntu noble-proposed/main amd64 openssh-client amd64 1:9.6p1-3ubuntu13.10 [905 kB] Fetched 1452 kB in 0s (6155 kB/s) Preconfiguring packages ... (Reading database ... 37222 files and directories currently installed.) Preparing to unpack .../openssh-sftp-server_1%3a9.6p1-3ubuntu13.10_amd64.deb ... Unpacking openssh-sftp-server (1:9.6p1-3ubuntu13.10) over (1:9.6p1-3ubuntu13.9) ... Preparing to unpack .../openssh-server_1%3a9.6p1-3ubuntu13.10_amd64.deb ... Unpacking openssh-server (1:9.6p1-3ubuntu13.10) over (1:9.6p1-3ubuntu13.9) ... Preparing to unpack .../openssh-client_1%3a9.6p1-3ubuntu13.10_amd64.deb ... Unpacking openssh-client (1:9.6p1-3ubuntu13.10) over (1:9.6p1-3ubuntu13.9) ... Setting up openssh-client (1:9.6p1-3ubuntu13.10) ... Setting up openssh-sftp-server (1:9.6p1-3ubuntu13.10) ... Setting up openssh-server (1:9.6p1-3ubuntu13.10) ... Processing triggers for man-db (2.12.0-4build2) ... Processing triggers for ufw (0.36.2-6) ... Scanning processes... Scanning candidates... No services need to be restarted. No containers need to be restarted. User sessions running outdated binaries: ubuntu @ session #525: sshd[1059] No VM guests are running outdated hypervisor (qemu) binaries on this host. root@noble:~# systemctl stop ssh.service Stopping 'ssh.service', but its triggering units are still active: ssh.socket From another termainal: $ ssh [email protected] And back in the container: root@noble:~# journalctl -t sshd -b --grep "rexec start" Apr 18 19:20:10 noble sshd[1577]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7 ** Tags removed: verification-needed verification-needed-noble ** Tags added: verification-done verification-done-noble -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2071815 Title: Investigate ASLR re-randomization being disabled for children To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2071815/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
