The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Latest Tumbleweed distribution update likely kills sshd

Posted by jpluimers on 2016/05/03

After a recent big update to OpenSuSE Tumbleweed, I could not ssh into my system any more.

Symptoms

The ssh client side would report a "Read from socket failed: Connection reset by peer" error, which I misinterpreted as the sshd not running at all.

Luckily the server is a VM, so I could reach the console. There I saw this:

sshd trying to load files it shouldn't


The files should not be loaded as they are not specified in the sshd_config file:

dsa and ecdsa not specified in the config file


So I knew something was broken. After reading some messages on forums.opensuse.org, I arrived at Bug 977812 – sshd killed by SIGSYS on client connection.

The cause

As usual with such issues, the cause seems to be a combination of factors:

And we have the culprit, I believe: together with the glibc upgrade, openssl
was updated from 1.0.2g-1.1 to 1.0.2-2.12 which brought, among others, patch
openssl-urandom-reseeding.patch.

Temporary fix

A temporary fix is to comment out a line in /etc/sshd_config so you get this diff:

-UsePrivilegeSeparation sandbox # Default for new installations.
+# UsePrivilegeSeparation sandbox # Default for new installations.
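Review bot: the `+` line comments out UsePrivilegeSeparation sandbox without recording why or until when, and it keeps the trailing "# Default for new installations." text, so the file no longer states which privilege-separation mode is intended. Suggest adding a comment line above it that names Bug 977812 and marks the change as temporary, so the original line is restored once the fixed package is installed.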

Be sure to undo this as soon as you’ve received a final fix.
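One way to verify that the workaround has been undone, as an added example that is not part of the original post. The function names `privsep_setting` and `check_privsep` and the two sample files are constructed for illustration; the first-value-wins rule is the one documented in sshd_config(5).

```sh
#!/bin/sh
# Added example (not from the original post): detect whether the temporary
# workaround is still active in an sshd_config file.

# privsep_setting FILE: print the effective global UsePrivilegeSeparation value
# (lower-cased for comparison), or "unset" when it is absent or commented out.
# sshd uses the first value it obtains for a keyword, so the first match wins.
privsep_setting() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }   # strip comments; allow key=value
        NF == 0 { next }
        tolower($1) == "match" { exit }       # Match blocks are out of scope here
        tolower($1) == "useprivilegeseparation" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# check_privsep FILE: return 0 only when the sandbox is explicitly enabled.
check_privsep() {
    value=$(privsep_setting "$1")
    [ "$value" = "sandbox" ] && return 0
    echo "WARNING: UsePrivilegeSeparation is '$value' in $1" >&2
    return 1
}

# Constructed sample files (hypothetical content modelled on the diff above).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'Port 22' \
    'UsePrivilegeSeparation sandbox # Default for new installations.' \
    > "$SAMPLE_DIR/original"
printf '%s\n' 'Port 22' \
    '# UsePrivilegeSeparation sandbox # Default for new installations.' \
    > "$SAMPLE_DIR/workaround"

for f in original workaround; do
    if check_privsep "$SAMPLE_DIR/$f" 2>/dev/null; then
        echo "$f: sandbox enabled"
    else
        echo "$f: sandbox NOT enabled, revert the workaround once fixed"
    fi
done
```

Pointing `check_privsep` at the real configuration file from a periodic job gives a non-zero exit status for as long as the line stays commented out.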

Final fix

A final fix is being fast-tracked so it appears in Tumbleweed soon.

I will report after deployment of [opensuse-factory] New Tumbleweed snapshot 20160502 released! as I think it contains the fix.

Aftermath

I already knew about openQA: Test summary which lists the builds, but not the changes in the builds.

Reading through Information Board or the like for Tumbleweed I found the openSUSE Mailinglist Archive: opensuse-factory which does the announcements and release notes for Tumbleweed.

It had both the announcement of the “big patch”, ssh bug report and temporary fix:

–jeroen

2 Responses to “Latest Tumbleweed distribution update likely kills sshd”

  1. jpluimers said

    The fix wasn’t in snapshot 20160502. Now awaiting results for snapshot 20160503: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=Tumbleweed&build=20160503&groupid=1
