FS#65386 - [glibc] 2.31-1 breaks openssh 8.1p1-2 ("Connection closed by $server port 22")

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Wednesday, 05 February 2020, 12:19 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Wednesday, 05 February 2020, 13:55 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To Gaetan Bisson (vesath)
Bartłomiej Piotrowski (Barthalion)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

After upgrading to glibc 2.31-1, I can't log into the OpenSSH sshd server on that machine anymore (connecting to remote SSH servers running other distros/glibc versions still works).

Upon trying to connect, I simply get the message "Connection closed by ::1 port 22".

Downgrading glibc again fixes the problem.

I have also tried rebuilding the openssh package using the "testing-x86_64-build -c" command from the devtools package, but the rebuilt openssh package shows exactly the same behaviour/error.

Since this breaks sshd and not just the local ssh client, I consider this a critical issue, since it locks people out of remote machines to which they might not have physical access in order to downgrade glibc or fix the problem in some other way.

Closed by  Bartłomiej Piotrowski (Barthalion)
Wednesday, 05 February 2020, 13:55 GMT
Reason for closing:  Fixed
Additional comments about closing:  openssh 8.1p1-3

Comment by Heinrich Siebmanns (Harvey) - Wednesday, 05 February 2020, 12:30 GMT
Same here. Lucky me, I had access to the other machine to downgrade glibc to version 2.30 (and lib32-glibc). Would be a real PITA for my servers 600km away...

Comment by Pascal Ernster (hardfalcon) - Wednesday, 05 February 2020, 12:57 GMT
Rebuilding the openssh package with the following two patches applied fixes the issue for me:

https://github.com/openssh/openssh-portable/commit/beee0ef61866cb567b9abc23bd850f922e59e3f0
https://github.com/openssh/openssh-portable/commit/69298ebfc2c066acee5d187eac8ce9f38c796630

My advice would still be to just take all the commits that upstream have committed into their V_8_1 branch, and not just the two above:

https://github.com/openssh/openssh-portable/compare/V_8_1_P1...V_8_1

To get those changes as a ready-made patch file:

https://github.com/openssh/openssh-portable/compare/V_8_1_P1...V_8_1.patch

To get the above combined patch file up to a defined commit (so the patch file and its checksum don't change each time upstream commit a new change into their V_8_1 branch):

https://github.com/openssh/openssh-portable/compare/V_8_1_P1...fbe37c90602fa2d0d7b5f05868d6886b1e216e65.patch
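
Added example (not part of the bug report or of any commenter's post): a small shell check a packager could run before recording a checksum, showing why the last URL above is safe to pin while the branch-based one is not. The function names are hypothetical, and `sha256sum` from coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any project.

# Print the head ref of a GitHub compare URL (the part after "...",
# minus a trailing .patch/.diff). Prints nothing for other URLs.
compare_head_ref() (
    case $1 in
        https://github.com/*/compare/*...*) ;;
        *) exit 0 ;;
    esac
    ref=${1##*...}
    ref=${ref%.patch}
    ref=${ref%.diff}
    printf '%s\n' "$ref"
)

# True only when the head ref is a full 40-character lowercase hex commit
# id, so the patch cannot change when upstream pushes to a branch.
compare_url_is_pinned() (
    ref=$(compare_head_ref "$1")
    case $ref in
        ''|*[!0-9a-f]*) exit 1 ;;   # empty, branch or tag name
    esac
    [ "${#ref}" -eq 40 ]            # reject abbreviated commit ids
)

# True when the file's SHA-256 equals the checksum recorded at review time.
patch_matches_checksum() (
    actual=$(sha256sum < "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
)

# The two compare URLs quoted in the comment above.
for url in \
    'https://github.com/openssh/openssh-portable/compare/V_8_1_P1...V_8_1.patch' \
    'https://github.com/openssh/openssh-portable/compare/V_8_1_P1...fbe37c90602fa2d0d7b5f05868d6886b1e216e65.patch'
do
    if compare_url_is_pinned "$url"; then
        echo "pinned: $url"
    else
        echo "MOVING: $url"
    fi
done
```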

Comment by Bartłomiej Piotrowski (Barthalion) - Wednesday, 05 February 2020, 13:31 GMT
OT: I don't think you should be running [testing] on your servers if you don't have a way to recover them without being onsite.
