Bug#506938: openssh-server: Can't connect to sshd on vserver since the latest update in lenny (only on vservers)
On Tue, Nov 25, 2008 at 12:09:33PM +0100, Florian Sievers wrote:
> Package: openssh-server
> Version: 1:5.1p1-3
> Severity: grave
> Justification: renders package unusable
>
> Since the last update the ssh-server won't accept connection if it runs on a
> vserver. The ssh-server on non vservers runs normal. The ListenAddress is set
> correctly and everythings worked fine before the update. No other options in
> the sshd_config have been touched.
> Debug output follows:
>
> ---Debug output from auth.log---
> Nov 25 11:39:25 web sshd[13098]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
> Nov 25 11:39:25 web sshd[13091]: debug1: Forked child 13098.
> Nov 25 11:39:25 web sshd[13098]: error writing /proc/self/oom_adj: Permission denied
> Nov 25 11:39:25 web sshd[13098]: debug1: inetd sockets after dupping: 3, 3
> Nov 25 11:39:25 web sshd[13098]: Connection from 192.168.0.140 port 52076
> Nov 25 11:39:25 web sshd[13098]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1p1 Debian-3
> Nov 25 11:39:25 web sshd[13098]: debug1: match: OpenSSH_5.1p1 Debian-3 pat OpenSSH*
> Nov 25 11:39:25 web sshd[13098]: debug1: Enabling compatibility mode for protocol 2.0
> Nov 25 11:39:25 web sshd[13098]: debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3
> Nov 25 11:39:25 web sshd[13099]: fatal: chroot("/var/run/sshd"): Operation not permitted
> Nov 25 11:39:25 web sshd[13099]: debug1: do_cleanup
> Nov 25 11:39:25 web sshd[13098]: debug1: do_cleanup
> ------End of debug output------
What was the last version that worked? This doesn't sound like it could
be due to a recent change in sshd. That chroot to the privsep directory
(/var/run/sshd) has been there for ages and ages.
Are you sure you didn't change any vserver settings recently? Why can't
it chroot?
--
Colin Watson [cjwatson@debian.org]
Reply to: