After a recent big update to OpenSuSE Tumbleweed, I could not ssh into my system any more.
Symptoms
The ssh client side would report a Read from socket failed: Connection reset by peer which I misinterpreted as the sshd not running at all.
Luckily the server is a VM, so I could reach the console. There I saw this:
sshd trying to load files it shouldn’t
The files should not be loaded as they are not specified in the sshd_config file:
dsa and ecdsa not specified in the config file
So I knew something was broken. After reading some messages in the forums.opensuse.org I got at Bug 977812 – sshd killed by SIGSYS on client connection
The cause
As usual with such issues the cause seems a combination of factors:
And we have the culprit, I believe: together with the glibc upgrade, openssl
was updated from 1.0.2g-1.1 to 1.0.2-2.12 which brought, among others, patch
openssl-urandom-reseeding.patch.
Temporary fix
A temporary fix is to comment out a line in /etc/sshd_config so you get this diff:
-UsePrivilegeSeparation sandbox # Default for new installations.
+# UsePrivilegeSeparation sandbox # Default for new installations.
Be sure to undo this as soon as you’ve received a final fix.
Final fix
A final fix is being fast-tracked so it appears in Tumbleweed soon.
I will report after deployment of [opensuse-factory] New Tumbleweed snapshot 20160502 released! as I think it contains the fix.
Aftermath
I already knew about openQA: Test summary which lists the builds, but not the changes in the builds.
Reading through Information Board or the like for Tumbleweed I found the openSUSE Mailinglist Archive: opensuse-factory which does the announcements and release notes for Tumbleweed.
It had both the announcement of the “big patch”, ssh bug report and temporary fix:
- [opensuse-factory] New Tumbleweed snapshot 20160422 released!
- [opensuse-factory] lost ssh from 13.1 server, Re:New Tumbleweed snapshot
- [opensuse-factory] SOLVED: lost ssh from 13.1 server, Re:New Tumbleweed
–jeroen
The Wiert Corner - irregular stream of stuff 