Comment 11 for bug 1690485

Revision history for this message
Colin Watson (cjwatson) wrote :

This issue was never previously closed, only marked Incomplete (which is an open state).

While it's possible to do a normal package build to get things configured exactly the way we do, I don't think that's necessary here. I suggest:

 * git clone https://anonscm.debian.org/git/pkg-ssh/openssh.git
 * cd openssh
 * sudo apt build-dep ./
 * make the change I suggested in comment #2
 * ./configure --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --with-privsep-path=/run/sshd --with-pid-dir=/run --with-pam
 * make

Don't install the result. Instead, run "sudo `pwd`/sshd -p 2222 -ddd" (where 2222 is some free port on your system) and try "ssh -oStrictHostKeyChecking=no -p 2222 localhost". That should be close enough for this purpose, and if it isn't then we can refine from there.

Also, could you attach your PAM configuration (/etc/pam.d/sshd plus any files mentioned in @include lines there)?

The strace you attached is unfortunately not very useful. What we need to find out here is what bit of code is making the offending socket call, which is going to require some context around it: that's usually best achieved by not limiting the set of syscalls traced by strace. Unfortunately that also means that your private host keys will show up in the strace, so if you do that then you need to be careful to redact anything like that from the output!