bugzilla-daemon at mindrot.org
2025-Jan-07 08:00 UTC
[Bug 3773] New: sshd-session rexec prevents live login after package uninstall
https://bugzilla.mindrot.org/show_bug.cgi?id=3773
Bug ID: 3773
Summary: sshd-session rexec prevents live login after package
uninstall
Product: Portable OpenSSH
Version: 9.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: spam at ipik.org
In a particular use case to bootstrap a headless base system to be
remotely set up later, one needs a live sshd connection to perform the
final setup.
In order to have a clean system for install, openssh server is
installed, launched and uninstalled while the service runs.
With new session authentication depending on unloaded binaries at
startup (such as the /usr/lib/ssh/sshd-session hardcoded path), this kills
the ability for clients to connect since 9.9p1 (was ok until at least
9.7p1):
fatal: rexec of /usr/lib/ssh/sshd-session failed: No such file or
directory
I can understand loading everything at startup and keeping in memory
may not be desirable.
In such a particular use case I could alias /usr/lib/ssh somewhere in
tmpfs and keep it there after uninstall (it won't harm later setup).
If sshd could use a resolved direct reference of the aliased files
instead of hard-coded paths at startup, this would probably restore a
functioning use case.
Thanks for consideration.
(I assume it will be the same with the upcoming sshd-auth binary et al.)
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Jan-07 08:25 UTC
[Bug 3773] sshd-session rexec prevents live login after package uninstall
https://bugzilla.mindrot.org/show_bug.cgi?id=3773
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to macmpi from comment #0)
[...]
> If sshd could use a resolved direct reference of the aliased files
> instead of hard-coded paths at startup, this would probably restore
> a functioning usecase.
You can do this by specifying SshdSessionPath (and
SshdAuthPath) in your sshd_config or via sshd -o command line options
when you start sshd.
I don't think we'd want to have sshd chasing and caching symlinks to
support a fairly niche configuration since there's a lot of ways for
that to potentially go wrong.
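Added example, not part of the bug thread or of OpenSSH: one way to apply the workaround from comment #1 in the reporter's scenario is to copy the helper binaries to a directory that survives package removal and pass their paths with -o. The function name stage_sshd_helpers and the directory /run/sshd-helpers are assumptions; the permission check is there because sshd executes these helpers for each new connection.

```shell
#!/bin/sh
# Added example (assumed names and paths, not from the thread or OpenSSH).
# Usage, before uninstalling the package (destination path is an assumption):
#   /usr/sbin/sshd $(stage_sshd_helpers /usr/lib/ssh /run/sshd-helpers)

# stage_sshd_helpers SRC_DIR DST_DIR
# Copies sshd-session (required) and sshd-auth (if present) from SRC_DIR to
# DST_DIR and prints the matching "-o SshdSessionPath=... -o SshdAuthPath=..."
# options. Both directories should be given as absolute paths.
stage_sshd_helpers() {
    src=$1 dst=$2 opts=""
    [ -f "$src/sshd-session" ] || {
        echo "missing $src/sshd-session" >&2
        return 1
    }
    # Keep the staging directory closed to group/other writes: whoever can
    # replace these files controls what sshd runs for incoming connections.
    mkdir -p "$dst" && chmod 0755 "$dst" || return 1
    for pair in sshd-session:SshdSessionPath sshd-auth:SshdAuthPath; do
        bin=${pair%%:*} opt=${pair#*:}
        # sshd-auth may not exist yet (the reporter calls it "upcoming").
        [ -f "$src/$bin" ] || continue
        cp "$src/$bin" "$dst/$bin" && chmod 0755 "$dst/$bin" || return 1
        opts="$opts -o $opt=$dst/$bin"
    done
    # Refuse to return options if anything staged is group- or world-writable.
    if [ -n "$(find "$dst" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "unsafe permissions under $dst" >&2
        return 1
    fi
    echo "${opts# }"
}
```

The same two settings can be written as SshdSessionPath and SshdAuthPath lines in sshd_config instead of -o options, as comment #1 says.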
bugzilla-daemon at mindrot.org
2025-Jan-07 09:00 UTC
[Bug 3773] sshd-session rexec prevents live login after package uninstall
https://bugzilla.mindrot.org/show_bug.cgi?id=3773
macmpi <spam at ipik.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #2 from macmpi <spam at ipik.org> ---
Thanks Darren for the quick response: works a treat!
Did miss those statements in doc: apologies.
Closing.
bugzilla-daemon at mindrot.org
2025-Jan-09 03:11 UTC
[Bug 3773] sshd-session rexec prevents live login after package uninstall
https://bugzilla.mindrot.org/show_bug.cgi?id=3773
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
No, you didn't miss them. They aren't currently documented - I'm not
sure whether the interface will change when things are finalised.
bugzilla-daemon at mindrot.org
2025-Jan-09 03:30 UTC
[Bug 3773] sshd-session rexec prevents live login after package uninstall
https://bugzilla.mindrot.org/show_bug.cgi?id=3773
--- Comment #4 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Damien Miller from comment #3)
> No, you didn't miss them. They aren't currently documented
err, I refer you to https://man.openbsd.org/sshd_config.5#SshdAuthPath
and https://man.openbsd.org/sshd_config.5#SshdSessionPath
SshdSessionPath was documented in the most recent release:
https://man.openbsd.org/OpenBSD-7.6/sshd_config.5#SshdSessionPath
bugzilla-daemon at mindrot.org
2025-Jan-09 03:33 UTC
[Bug 3773] sshd-session rexec prevents live login after package uninstall
https://bugzilla.mindrot.org/show_bug.cgi?id=3773
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Well, that's just downright embarrassing
> commit 1839e3eb71a759aa795602c1e4196300f4ac2615
> Author: djm at openbsd.org <djm at openbsd.org>
> Date: Mon Jun 24 04:05:11 2024 +0000
>
> upstream: mention SshdSessionPath option
>
> OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c
bugzilla-daemon at mindrot.org
2025-Jan-09 03:41 UTC
[Bug 3773] sshd-session rexec prevents live login after package uninstall
https://bugzilla.mindrot.org/show_bug.cgi?id=3773
--- Comment #6 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Damien Miller from comment #5)
> > commit 1839e3eb71a759aa795602c1e4196300f4ac2615
> > Author: djm at openbsd.org <djm at openbsd.org>
> > Date: Mon Jun 24 04:05:11 2024 +0000
I wasn't going to mention that part...
bugzilla-daemon at mindrot.org
2025-Jan-09 03:48 UTC
[Bug 3773] sshd-session rexec prevents live login after package uninstall
https://bugzilla.mindrot.org/show_bug.cgi?id=3773
Jim Knoble <jmknoble at pobox.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jmknoble at pobox.com
--- Comment #7 from Jim Knoble <jmknoble at pobox.com> ---
Damien, you're entitled. In fact, I think you've got at least 6 more
moments of public forgetfulness before the fines kick in....
bugzilla-daemon at mindrot.org
2025-Jan-09 07:34 UTC
[Bug 3773] sshd-session rexec prevents live login after package uninstall
https://bugzilla.mindrot.org/show_bug.cgi?id=3773
--- Comment #8 from macmpi <spam at ipik.org> ---
Based on current development plans, shall we expect more binaries
coming-up in /usr/libexec beyond sshd-session and sshd-auth in
foreseeable future?
bugzilla-daemon at mindrot.org
2025-Jan-10 00:59 UTC
[Bug 3773] sshd-session rexec prevents live login after package uninstall
https://bugzilla.mindrot.org/show_bug.cgi?id=3773
--- Comment #9 from Damien Miller <djm at mindrot.org> ---
yes, at least one or two more: sshd-postauth and sshd-pam-helper for
portable OpenSSH when compiled with PAM support
bugzilla-daemon at mindrot.org
2025-Jan-10 07:21 UTC
[Bug 3773] sshd-session rexec prevents live login after package uninstall
https://bugzilla.mindrot.org/show_bug.cgi?id=3773
--- Comment #10 from macmpi <spam at ipik.org> ---
Thanks.
Shall I assume each will be similarly assorted with relevant
SshdXxxxxPath entry in sshd_config?
(just trying to plan things for users of my bootstrapping tool, so that
it does not break too often).