SSH-7402 fails to generate a copy of sshd_config #1184

Open
vinceoa opened this issue Jul 7, 2021 · 6 comments

vinceoa commented Jul 7, 2021

Describe the bug
executing sshd -T -C user=doesnotexist,host=none,addr=none returns non-zero and no config, causing all of SSH-7408 (option checking) to return NOT FOUND

Version

  • Distribution Arch Linux (rolling release)
  • Lynis version 3.0.5
  • sshd 8.6p1

Expected behavior
execution of sshd -T -C ... should yield a configuration, which then permits SSH-7408 to check the options

Output
From the console

[+] SSH Support
------------------------------------
[DEBUG] Performing test ID SSH-7402 (Check for running SSH daemon)
  - Checking running SSH daemon                               [ FOUND ]
[DEBUG] Performing test ID SSH-7404 (Check SSH daemon file location)
    - Searching SSH configuration                             [ FOUND ]
[DEBUG] Performing test ID SSH-7406 (Determine OpenSSH version)
[DEBUG] Performing test ID SSH-7408 (Check SSH specific defined options)
    - OpenSSH option: AllowTcpForwarding                      [ NOT FOUND ]
    - OpenSSH option: ClientAliveCountMax                     [ NOT FOUND ]
    - OpenSSH option: ClientAliveInterval                     [ NOT FOUND ]
    - OpenSSH option: Compression                             [ NOT FOUND ]
    - OpenSSH option: FingerprintHash                         [ NOT FOUND ]
    - OpenSSH option: GatewayPorts                            [ NOT FOUND ]
    - OpenSSH option: IgnoreRhosts                            [ NOT FOUND ]
    - OpenSSH option: LoginGraceTime                          [ NOT FOUND ]
    - OpenSSH option: LogLevel                                [ NOT FOUND ]
    - OpenSSH option: MaxAuthTries                            [ NOT FOUND ]
    - OpenSSH option: MaxSessions                             [ NOT FOUND ]
    - OpenSSH option: PermitRootLogin                         [ NOT FOUND ]
    - OpenSSH option: PermitUserEnvironment                   [ NOT FOUND ]
    - OpenSSH option: PermitTunnel                            [ NOT FOUND ]
    - OpenSSH option: Port                                    [ NOT FOUND ]
    - OpenSSH option: PrintLastLog                            [ NOT FOUND ]
    - OpenSSH option: StrictModes                             [ NOT FOUND ]
    - OpenSSH option: TCPKeepAlive                            [ NOT FOUND ]
    - OpenSSH option: UseDNS                                  [ NOT FOUND ]
    - OpenSSH option: X11Forwarding                           [ NOT FOUND ]
    - OpenSSH option: AllowAgentForwarding                    [ NOT FOUND ]

From the lynis.log

2021-07-07 12:09:21 Action: Performing tests from category: SSH Support
2021-07-07 12:09:21 ====
2021-07-07 12:09:21 Performing test ID SSH-7402 (Check for running SSH daemon)
2021-07-07 12:09:21 Test: Searching for a SSH daemon
2021-07-07 12:09:21 Performing pgrep scan without uid
2021-07-07 12:09:21 IsRunning: process 'sshd' found (3989 )
2021-07-07 12:09:21 Action: created temporary file /tmp/lynis.hWNlBgA7kA
2021-07-07 12:09:21 ====
2021-07-07 12:09:21 Performing test ID SSH-7404 (Check SSH daemon file location)
2021-07-07 12:09:21 Test: searching for sshd_config file
2021-07-07 12:09:21 Result: /etc/ssh/sshd_config exists
2021-07-07 12:09:21 Test: check if we can access /etc/ssh/sshd_config (escaped: /etc/ssh/sshd_config)
2021-07-07 12:09:21 Result: file is not owned by current user ID (1004), but UID 0
2021-07-07 12:09:21 Result: file /etc/ssh/sshd_config is readable (or directory accessible).
2021-07-07 12:09:21 Result: using last found configuration file: /etc/ssh/sshd_config
2021-07-07 12:09:21 ====
2021-07-07 12:09:21 Performing test ID SSH-7406 (Determine OpenSSH version)
2021-07-07 12:09:21 Result: discovered OpenSSH version is 8.6
2021-07-07 12:09:21 Result: OpenSSH major version: 8
2021-07-07 12:09:21 Result: OpenSSH minor version: 6
2021-07-07 12:09:21 ====
2021-07-07 12:09:21 Performing test ID SSH-7408 (Check SSH specific defined options)
2021-07-07 12:09:21 Test: Checking specific defined options in /tmp/lynis.hWNlBgA7kA
2021-07-07 12:09:21 Test: Checking AllowTcpForwarding in /tmp/lynis.hWNlBgA7kA
2021-07-07 12:09:21 Result: Option AllowTcpForwarding not found in output
2021-07-07 12:09:22 Test: Checking ClientAliveCountMax in /tmp/lynis.hWNlBgA7kA
2021-07-07 12:09:22 Result: Option ClientAliveCountMax not found in output
2021-07-07 12:09:22 Test: Checking ClientAliveInterval in /tmp/lynis.hWNlBgA7kA
2021-07-07 12:09:22 Result: Option ClientAliveInterval not found in output
2021-07-07 12:09:22 Test: Checking Compression in /tmp/lynis.hWNlBgA7kA
2021-07-07 12:09:22 Result: Option Compression not found in output

Additional context
Executing sshd -T -C ... manually on the command line reveals

sshd -T -C user=doesnotexist,host=none,addr=none
sshd: no hostkeys available -- exiting.
mboelen (Member) commented Jul 7, 2021

Thanks for reporting. Do you know why it shows that there are no hostkeys available on your system? Is SSH properly configured and running?

@mboelen mboelen self-assigned this Jul 7, 2021
vinceoa (Author) commented Jul 7, 2021

There certainly are keys under /etc/ssh/; all of them are root read-only, as can be seen from the following strace output:

openat(AT_FDCWD, "/etc/ssh/ssh_host_rsa_key", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/ssh/ssh_host_rsa_key", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/ssh/ssh_host_rsa_key.pub", O_RDONLY) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=391, ...}, AT_EMPTY_PATH) = 0
read(3, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB"..., 4096) = 391
close(3)                                = 0
openat(AT_FDCWD, "/etc/ssh/ssh_host_ecdsa_key", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/ssh/ssh_host_ecdsa_key", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/ssh/ssh_host_ecdsa_key.pub", O_RDONLY) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=171, ...}, AT_EMPTY_PATH) = 0
read(3, "ecdsa-sha2-nistp256 AAAAE2VjZHNh"..., 4096) = 171
close(3)                                = 0
openat(AT_FDCWD, "/etc/ssh/ssh_host_ed25519_key", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/ssh/ssh_host_ed25519_key", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/ssh/ssh_host_ed25519_key.pub", O_RDONLY) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=91, ...}, AT_EMPTY_PATH) = 0
read(3, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5"..., 4096) = 91
close(3)                                = 0
write(2, "sshd: no hostkeys available -- e"..., 41sshd: no hostkeys available -- exiting.
) = 41
exit_group(1)                           = ?
+++ exited with 1 +++

and ls:

ls -l /etc/ssh
total 600
-rw-r--r-- 1 root root 570321 Apr 19 12:32 moduli
-rw-r--r-- 1 root root   1531 Apr 19 12:32 ssh_config
-rw-r--r-- 1 root root   3140 Apr 19 12:32 sshd_config
-rw------- 1 root root   1373 Apr  5  2019 ssh_host_dsa_key
-rw-r--r-- 1 root root    599 Apr  5  2019 ssh_host_dsa_key.pub
-rw------- 1 root root    505 Apr  5  2019 ssh_host_ecdsa_key
-rw-r--r-- 1 root root    171 Apr  5  2019 ssh_host_ecdsa_key.pub
-rw------- 1 root root    399 Apr  5  2019 ssh_host_ed25519_key
-rw-r--r-- 1 root root     91 Apr  5  2019 ssh_host_ed25519_key.pub
-rw------- 1 root root   1811 Apr  5  2019 ssh_host_rsa_key
-rw-r--r-- 1 root root    391 Apr  5  2019 ssh_host_rsa_key.pub

I'm wondering if recent versions of openssh now exit(1); when running sshd -T -C user=doesnotexist,host=none,addr=none as a non-root user, when previously they did not?

Also of note, running that command as root yields config data, e.g.

sudo sshd -T -C user=doesnotexist,host=none,addr=none | wc -l
86

If it's any help, I think this is when the change was introduced to sshd:
https://github.com/openssh/openssh-portable/blob/V_7_4/sshd.c#L1710

v7.3 from my cursory checking did not have the exit(1);
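The two comments above show the practical split: the host keys are mode 0600 root, so sshd -T produces the effective configuration as root (86 lines) but exits 1 for uid 1004, while /etc/ssh/sshd_config itself is world-readable. The script below is an added example written for this page; it is not Lynis or OpenSSH code. It shows how an audit helper can use the effective config from sshd -T when that works and otherwise fall back to parsing the file itself, honouring sshd's first-value-wins rule and ignoring Match blocks. The function names and both sample inputs are constructed for the example.

```sh
# Added example (editor's illustration, not Lynis or OpenSSH code). Two ways for an
# audit script to read the sshd configuration: the effective config via "sshd -T"
# (needs read access to the host keys, i.e. root, as the thread shows) and a fallback
# that parses the world-readable sshd_config. All function names are made up here.

# Constructed sample of what "sshd -T" prints: one "keyword value" per line, keywords lowercased.
SAMPLE_SSHD_T_OUTPUT='port 22
permitrootlogin yes
maxauthtries 6
allowtcpforwarding yes
x11forwarding no
loglevel INFO'

# Constructed sample sshd_config. sshd uses the FIRST value it obtains for a keyword,
# and keywords inside a Match block only apply when the Match conditions hold.
SAMPLE_SSHD_CONFIG='# constructed sshd_config
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin no
MaxAuthTries 3
MaxAuthTries 6
Match User backup
    PermitRootLogin yes'

# Dump the effective configuration with "sshd -T". Prints the dump on success; on failure
# returns the sshd exit status and explains the hostkey case seen in this issue on stderr.
dump_effective_sshd_config() {
    out=$(sshd -T -C user=doesnotexist,host=none,addr=none 2>&1)
    rc=$?
    if [ "$rc" -ne 0 ]; then
        case "$out" in
            *"no hostkeys available"*)
                echo "sshd -T could not read any host key as uid $(id -u); run it as root" >&2 ;;
            *)
                echo "sshd -T failed (exit $rc): $out" >&2 ;;
        esac
        return "$rc"
    fi
    printf '%s\n' "$out"
}

# Look up one option in a "sshd -T" dump (case-insensitive). Prints the value and
# returns 0, or returns 1 when the option is absent from the dump.
sshd_option_value() {
    dump=$1
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    printf '%s\n' "$dump" | awk -v k="$key" '
        tolower($1) == k { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; found = 1; exit }
        END { exit !found }'
}

# Fallback: first global (pre-Match) value of an option in the raw sshd_config text.
# Comments and blank lines are skipped; the "Keyword=value" spelling is not handled here.
# Unlike "sshd -T" this cannot report compiled-in defaults, only explicitly set options.
sshd_config_file_value() {
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    printf '%s\n' "$1" | awk -v k="$key" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { in_match = 1 }
        in_match                 { next }
        tolower($1) == k         { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; found = 1; exit }
        END { exit !found }'
}

# Audit one option: prefer the effective config, fall back to the file when sshd -T fails.
# Usage: audit_sshd_option PermitRootLogin /etc/ssh/sshd_config
audit_sshd_option() {
    if dump=$(dump_effective_sshd_config 2>/dev/null); then
        sshd_option_value "$dump" "$1"
    else
        echo "falling back to $2 (explicit settings only, no defaults)" >&2
        sshd_config_file_value "$(cat "$2")" "$1"
    fi
}
```

Run as root, audit_sshd_option reports the value sshd actually uses (including defaults); as the uid 1004 user in this thread, sshd -T exits 1 and the helper drops to the file parser, which can only confirm options that are set explicitly and must not be read as proof that an unset option has a safe default.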

mboelen (Member) commented Jul 8, 2021

Although the exit(1); might have been added, it is strange that it does not show anything.

What do you get to see as output when you run sshd -T as a non-privileged user?

vinceoa (Author) commented Jul 8, 2021

Same:

sshd -T
sshd: no hostkeys available -- exiting.

mboelen (Member) commented Jul 21, 2021

Can you test the following:

  • Make a copy of your hostkeys
  • Run ssh-keygen -A
  • Run sshd -T
    Does that resolve the error message?

vinceoa (Author) commented Aug 12, 2021

As a non-privileged user I get:

vinceoa@dell: /home/vinceoa
➜   sshd -T
sshd: no hostkeys available -- exiting.
vinceoa@dell: /home/vinceoa
➜   ssh-keygen -A
vinceoa@dell: /home/vinceoa
➜   sshd -T
sshd: no hostkeys available -- exiting.
