You are not logged in.
Hello there,
I'm encountering an issue with sshd and would appreciate some assistance. When attempting to add any type of Match Block, such as:
Match address 172.72.15.0/24,172.72.16.10
    PermitRootLogin yesthe client connection is immediately terminated, and I'm seeing the following error in my logs:
Dez 23 06:16:08 archlinux sshd[941]: Connection from 172.72.15.10 port 60116 on 172.72.15.1 port 22 rdomain ""
Dez 23 06:16:08 archlinux kernel: sshd[941]: segfault at 0 ip 00005620a771bb3f sp 00007ffcf39d4b40 error 4 in sshd[5620a769a000+8c000] likely on CPU 3 (core 3, socket 0)
Dez 23 06:16:08 archlinux kernel: Code: d2 89 05 cc 81 05 00 45 8b 9e a8 05 00 00 45 85 db 0f 84 40 01 00 00 31 db 85 c0 74 23 66 0f 1f 44 00 00 48 8b 05 b9 81 05 00 <48> 8b 3c d8 48 83 c3 01 ff 15 53 6f 05 00 3b 1d 95 81 05 00 72 e3
Dez 23 06:16:08 archlinux systemd[1]: Started Process Core Dump (PID 943/UID 0).
Dez 23 06:16:08 archlinux systemd-coredump[944]: [?] Process 941 (sshd) of user 0 dumped core.
                                                   
                                                   Stack trace of thread 941:
                                                   #0  0x00005620a771bb3f n/a (sshd + 0x8cb3f)
                                                   #1  0x00005620a7716d32 n/a (sshd + 0x87d32)
                                                   #2  0x00005620a76ae511 n/a (sshd + 0x1f511)
                                                   #3  0x00005620a76c3033 n/a (sshd + 0x34033)
                                                   #4  0x00005620a76c83cf n/a (sshd + 0x393cf)
                                                   #5  0x00005620a769f6d2 n/a (sshd + 0x106d2)
                                                   #6  0x00005620a769cef4 n/a (sshd + 0xdef4)
                                                   #7  0x00007f0c370ffcd0 n/a (libc.so.6 + 0x27cd0)
                                                   #8  0x00007f0c370ffd8a __libc_start_main (libc.so.6 + 0x27d8a)
                                                   #9  0x00005620a769eff5 n/a (sshd + 0xfff5)
                                                   ELF object binary architecture: AMD x86-64
Dez 23 06:16:08 archlinux systemd[1]: systemd-coredump@3-943-0.service: Deactivated successfully.Does anyone have ideas on how to resolve this issue? Your insights would be greatly appreciated!
Solution:
Move the match to the end of the file, otherwise the subsystem would become part of it.
Last edited by Wind8000 (2023-12-23 09:37:42)
Offline

https://wiki.archlinux.org/title/Debugg … Debuginfod
"Address" is supposed to be UpperCase and I'm not positive about the indention there
Is the match block at the end of the file and is there a trailing newline?
(Can you post the entire config?)
That being said, any of the above certainly should™ not crash sshd and it should™ handle this gracefully and tell you to fix your config…
Online
Here's my sshd_config file:
AuthorizedKeysFile	.ssh/authorized_keys
PermitRootLogin no
Match Address 172.72.15.0/24,172.72.16.10
	PermitRootLogin yes
Subsystem	sftp	/usr/lib/ssh/sftp-serverI've removed the comments from the config file. I've tested it with various configurations, including a single IP, an IP range, and other options such as
Match User usernameI even experimented with different settings within the block, like:
Match Address 172.72.15.0/24,172.72.16.10
	X11Forwarding yesHowever, despite these attempts, the issue persists.
Offline

Move the match to the end of the file, otherwise the subsystem would become part of it.
Online

Match blocks should be at end of file (so in your case, below Subsystem sftp line, not above it).
Even so, like seth already mentioned, Segfaults are not really a configuration issue, just a bug (or hardware issue). If you can reproduce segfaults in sshd with a given config, it should be reported as a bug...
Just in case, run a memtest and check file integrity of all packages (binaries, libraries, etc)?
Last edited by frostschutz (2023-12-23 08:48:16)
Offline
That resolved it. I truly appreciate your help. I didn't expect the solution to be that simple.
Offline

Please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.
Online
I reproduced the issue on both a virtual machine hosted by another PC and my laptop, both running Arch Linux. I will proceed to submit a bug report to address this issue.
And I will mark this as resolved.
Last edited by Wind8000 (2023-12-23 09:33:10)
Offline

Mod note: moving to network/server/protection.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Offline