After a recent big update to OpenSuSE Tumbleweed, I could not ssh into my system any more.
Symptoms
The ssh client side would report a Read from socket failed: Connection reset by peer which I misinterpreted as the sshd not running at all.
Luckily the server is a VM, so I could reach the console. There I saw this:
Image may be NSFW.
Clik here to view.sshd trying to load files it shouldn’t
The files should not be loaded as they are not specified in the sshd_config file:
Image may be NSFW.
Clik here to view.dsa and ecdsa not specified in the config file
So I knew something was broken. After reading some messages in the forums.opensuse.org I got at Bug 977812 – sshd killed by SIGSYS on client connection
The cause
As usual with such issues the cause seems a combination of factors:
And we have the culprit, I believe: together with the glibc upgrade, openssl
was updated from 1.0.2g-1.1 to 1.0.2-2.12 which brought, among others, patch
openssl-urandom-reseeding.patch.
Temporary fix
A temporary fix is to comment out a line in /etc/sshd_config so you get this diff:
-UsePrivilegeSeparation sandbox # Default for new installations.
+# UsePrivilegeSeparation sandbox # Default for new installations.
Be sure to undo this as soon as you’ve received a final fix.
Final fix
A final fix is being fast-tracked so it appears in Tumbleweed soon.
I will report after deployment of [opensuse-factory] New Tumbleweed snapshot 20160502 released! as I think it contains the fix.
Aftermath
I already knew about openQA: Test summary which lists the builds, but not the changes in the builds.
Reading through Information Board or the like for Tumbleweed I found the openSUSE Mailinglist Archive: opensuse-factory which does the announcements and release notes for Tumbleweed.
It had both the announcement of the “big patch”, ssh bug report and temporary fix:
- [opensuse-factory] New Tumbleweed snapshot 20160422 released!
- [opensuse-factory] lost ssh from 13.1 server, Re:New Tumbleweed snapshot
- [opensuse-factory] SOLVED: lost ssh from 13.1 server, Re:New Tumbleweed
–jeroen
Filed under: *nix, Communications Development, Development, Internet protocol suite, Linux, openSuSE, Power User, SSH, SuSE Linux, TCP, Tumbleweed Image may be NSFW.
Clik here to view.
Image may be NSFW.Clik here to view.
Image may be NSFW.Clik here to view.
Image may be NSFW.Clik here to view.
Image may be NSFW.Clik here to view.
Image may be NSFW.Clik here to view.
Image may be NSFW.Clik here to view.
Image may be NSFW.Clik here to view.
