[Bug 263753] security/openssh-portable 8.9.p1_3,1 ssh_dispatch_run_fatal: Connection Not permitted in capability mode [preauth]

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 03 May 2022 10:46:50 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263753

            Bug ID: 263753
           Summary: security/openssh-portable 8.9.p1_3,1
                    ssh_dispatch_run_fatal: Connection Not permitted in
                    capability mode [preauth]
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: bdrewery@FreeBSD.org
          Reporter: gessel@blackrosetech.com
             Flags: maintainer-feedback?(bdrewery@FreeBSD.org)
          Assignee: bdrewery@FreeBSD.org

Between 8.8p1_2,1 and 8.9.p1,1 (...e32 commit) of security/openssh-portable a
change was committed that results, on my system at least, in connection
attempts being rejected while logging to debug.log:

debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive: entering
debug1: do_cleanup
debug1: Killing privsep child 62090

and to auth.log

ssh_dispatch_run_fatal: Connection from ip.add.re.ss port 33492: Not permitted
in capability mode [preauth]

openssh-portable options:
(X) FIDO_U2F
(X) LDNS
(X) LIBEDIT
(X) PAM
(X) TCP_WRAPPERS

FreeBSD 11.3-RELEASE-p8 #0 r360490
(Unsupported I know, but, sadly, not practical to do an OS update at this time
due to being very remote)

It seems to be related to capsicum based on the error message.

-- 
You are receiving this mail because:
You are the assignee for the bug.