OpenSSH sshd killed by Shepherd 0.4.0
(address . bug-guix@gnu.org)

Since the update to Shepherd 0.4.0, I've found that OpenSSH's sshd is
killed almost immediately after it starts with signal 15. I confirmed
the issue started with the Shepherd upgrade by bisecting our Git
history.

I can reproduce the issue from commit
b6beda1d6b9093a8493b5c3cde33ed522242c451 (gnu: Add botan.).

One interesting tidbit is that the PID file '/var/run/sshd.pid' is not
created anymore. And if I create an empty PID file by hand, it is
removed after trying to start the ssh-daemon service. Also, the sshd
user's home '/var/run/sshd' does not exist, and is similarly removed if
it does exist.

I ran the OpenSSH system test `make check-system TESTS=openssh` and it
failed when it could not find the PID file. It passed on another
non-GuixSD machine. The failing machine is relatively slow and lacks
KVM: a ThinkPad x200s.

After boot, trying to start the service again with `herd start
ssh-daemon` gives the same result.

I modified the sshd invocation to print some debug output ('-d -E
/tmp/sshd.log') and this is what it shows:

------
debug1: sshd version OpenSSH_7.6, OpenSSL 1.0.2o 27 Mar 2018
debug1: private host key #0: ssh-rsa SHA256:REDACTED
debug1: private host key #1: ssh-dss SHA256:REDACTED
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:REDACTED
debug1: private host key #3: ssh-ed25519 SHA256:REDACTED
debug1: rexec_argv[0]='/gnu/store/az7vib8gk16fybhshh5xpkljmgxyrs4k-openssh-7.6p1/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-E'
debug1: rexec_argv[4]='/tmp/sshd.log'
debug1: rexec_argv[5]='-f'
debug1: rexec_argv[6]='/gnu/store/miy7xg5j4fg3mn04mcl27awmcl6s97ss-sshd_config'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
Received signal 15; terminating.
------
My system configuration file, the shepherd log messages, and the OpenSSH
system test logs are attached. Any ideas?
Mar 29 15:47:32 localhost shepherd[1]: Service syslogd has been started.
Mar 29 15:47:33 localhost shepherd[1]: Service loopback has been started.
Mar 29 15:47:34 localhost shepherd[1]: Service virtual-terminal has been started.
Mar 29 15:47:35 localhost shepherd[1]: Service term-tty6 has been started.
Mar 29 15:47:35 localhost shepherd[1]: Service term-tty5 has been started.
Mar 29 15:47:36 localhost shepherd[1]: Service term-tty4 has been started.
Mar 29 15:47:38 localhost shepherd[1]: Service term-tty3 has been started.
Mar 29 15:47:39 localhost shepherd[1]: Service term-tty2 has been started.
Mar 29 15:47:41 localhost shepherd[1]: Service term-tty1 has been started.
Mar 29 15:47:43 localhost shepherd[1]: Service term-auto could not be started.
Mar 29 15:47:44 localhost shepherd[1]: Service console-font-tty1 has been started.
Mar 29 15:47:46 localhost shepherd[1]: Service console-font-tty2 has been started.
Mar 29 15:47:48 localhost shepherd[1]: Service console-font-tty3 has been started.
Mar 29 15:47:49 localhost shepherd[1]: Service console-font-tty4 has been started.
Mar 29 15:47:50 localhost shepherd[1]: Service console-font-tty5 has been started.
Mar 29 15:47:50 localhost shepherd[1]: Service console-font-tty6 has been started.
Mar 29 15:47:51 localhost shepherd[1]: Service dbus-system has been started.
Mar 29 15:47:51 localhost shepherd[1]: Service networking has been started.
Mar 29 15:47:52 localhost shepherd[1]: Service ntpd has been started.
Mar 29 15:47:56 localhost shepherd[1]: Service ssh-daemon could not be started.
Mar 29 15:47:59 localhost shepherd[1]: Service gpm has been started.
Mar 29 15:48:29 localhost vmunix: [ 5.486795] shepherd[1]: Service root has been started.
Mar 29 15:48:29 localhost vmunix: [ 7.379651] shepherd[1]: starting services...
Mar 29 15:48:29 localhost vmunix: [ 7.381562] shepherd[1]: Service root-file-system has been started.
Mar 29 15:48:29 localhost vmunix: [ 7.383337] shepherd[1]: Service user-file-systems has been started.
Mar 29 15:48:29 localhost vmunix: [ 7.625406] shepherd[1]: Service file-system-/home has been started.
Mar 29 15:48:29 localhost vmunix: [ 7.627645] shepherd[1]: Service file-system-/dev/pts has been started.
Mar 29 15:48:29 localhost vmunix: [ 7.629909] shepherd[1]: Service file-system-/dev/shm has been started.
Mar 29 15:48:29 localhost vmunix: [ 7.632089] shepherd[1]: Service file-system-/gnu/store has been started.
Mar 29 15:48:29 localhost vmunix: [ 7.633924] shepherd[1]: Service file-systems has been started.
Mar 29 15:48:29 localhost vmunix: [ 7.731477] shepherd[1]: waiting for udevd...
Mar 29 15:48:29 localhost vmunix: [ 8.331344] shepherd[1]: Service udev has been started.
Mar 29 15:48:30 localhost vmunix: [ 8.446599] shepherd[1]: Service urandom-seed has been started.
Mar 29 15:48:30 localhost vmunix: [ 8.448462] shepherd[1]: Service user-processes has been started.
Mar 29 15:48:30 localhost vmunix: [ 8.450424] shepherd[1]: Service host-name has been started.
Mar 29 15:48:30 localhost vmunix: [ 8.546746] shepherd[1]: Service user-homes could not be started.
Mar 29 15:48:30 localhost vmunix: [ 9.554051] shepherd[1]: Service nscd has been started.
Mar 29 15:48:30 localhost vmunix: [ 9.606182] shepherd[1]: Service guix-daemon has been started.
Mar 29 15:49:21 localhost shepherd[1]: Respawning term-tty2.
Mar 29 15:49:21 localhost shepherd[1]: Service term-tty2 has been started.
Mar 29 15:49:28 localhost shepherd[1]: Respawning term-tty1.
Mar 29 15:49:28 localhost shepherd[1]: Service term-tty1 has been started.
;; This is an operating system configuration template
;; for a "bare bones" setup, with no X11 display server.

(use-modules (gnu))
(use-service-modules networking
                     dbus
                     ssh
                     sysctl)
(use-package-modules certs
                     curl
                     ssh
                     rsync
                     tmux
                     version-control
                     vim)

(operating-system
  (host-name "computer")
  (timezone "America/New_York")
  (locale "en_US.UTF-8")

  (kernel-arguments
   '(;; Console resolution
     "gfxpayload=1440x900x16,1440x900"
     ;; console cursor. stops the blinking but the colors are bad
     "vt.cur.default=0x520032"
     "consoleblank=120"
     "quiet"))

  ;; Assuming /dev/sdX is the target hard disk, and "my-root" is
  ;; the label of the target root file system.
  (bootloader (grub-configuration (target "/dev/sda")
                                  (terminal-outputs '(console))))
  (file-systems (cons* (file-system
                         (device "my-root")
                         (title 'label)
                         (mount-point "/")
                         (type "ext4"))
                       (file-system
                         (device "home")
                         (title 'label)
                         (mount-point "/home")
                         (type "ext4"))
                       %base-file-systems))

  ;; This is where user accounts are specified.  The "root"
  ;; account is implicit, and is initially created with the
  ;; empty password.
  (users (cons (user-account
                (name "leo")
                (comment "")
                (group "users")
                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.  Adding it to "audio"
                ;; and "video" allows the user to play sound
                ;; and access the webcam.
                (supplementary-groups '("wheel" "netdev" "audio"))
                (home-directory (string-append "/home/" name)))
               %base-user-accounts))

  ;; Globally-installed packages.
  (packages (cons* curl
                   git
                   openssh
                   mosh
                   nss-certs
                   rsync
                   tmux
                   vim
                   %base-packages))

  (services
   (cons* (dbus-service)
          (gpm-service)
          (service openssh-service-type
                   (openssh-configuration
                    (password-authentication? #f)))
          (ntp-service)
          (wicd-service)
          (modify-services %base-services
            (guix-service-type config =>
                               (guix-configuration
                                (inherit config)
                                (substitute-urls '("https://berlin.guixsd.org https://mirror.hydra.gnu.org"))))))))