Hi all,

Since upgrading my SSH jump host to the latest snap two days ago, its sshd has been logging these errors:

2018-06-25T19:47:35.716Z tuna.alm.weirdnet.nl tuna sshd[91261]: WARNING: line 6 disappeared in /etc/moduli, giving up

As far as I can see, these are all caused by 'the internet' trying to log in: I've not had any problems with sshd misbehaving and when I log in no such warning is logged. It happened for 'Invalid user' (36x), 'Failed password' (8x), 'Connection closed' (1x) and 'fatal: Timeout before authentication' (1x) in the space of just over 2 days.

It comes from this bit in usr.bin/ssh/dh.c:

	linenum = 0;
	which = arc4random_uniform(bestcount);
	while (getline(&line, &linesize, f) != -1) {
		linenum++;
		if (!parse_prime(linenum, line, &dhg))
			continue;
		if ((dhg.size > max || dhg.size < min) ||
		    dhg.size != best ||
		    linenum++ != which) {
			BN_clear_free(dhg.g);
			BN_clear_free(dhg.p);
			continue;
		}
		break;
	}
	free(line);
	line = NULL;
	fclose(f);
	if (linenum != which+1) {
		logit("WARNING: line %d disappeared in %s, giving up",
		    which, _PATH_DH_MODULI);
		return (dh_new_group_fallback(max));
	}

If I understand the logic correctly (note: I'm pretty sure I don't), then I don't quite see how this could happen unless the /etc/moduli file is changed between runs. Which it isn't. It smells like an off-by-one somehow, maybe when which == 0 or which == bestcount-1, but my read of this snippet doesn't spot such a problem.

Also, I saw this one:

2018-06-25T18:01:30.410Z tuna.alm.weirdnet.nl tuna sshd[34906]: WARNING: line 0 disappeared in /etc/moduli, giving up

Where which == 0...

So .. why is this being logged? I'm tempted to change the log to include bestcount too, but I'd rather not mess around with sshd on an important (to me) machine.

I do note that r1.64 introduced the move from fgets to getline which touched this bit of code, so there may have been a problem there.

Anyone an idea?

Paul 'WEiRD' de Weerd

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/
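
The following is an added example, not part of the original post and not OpenSSH code: a small model of the quoted loop run over a constructed list of moduli sizes, next to a variant that counts candidate lines in a separate counter. The sample data, the function names and the separate-counter variant are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed stand-in for a moduli file: one entry per line, value = prime
 * size, 0 = a line parse_prime() would reject (comment or bad entry). */
static const int sample[] = { 0, 3071, 3071, 2047, 3071, 3071, 4095 };
#define NLINES ((int)(sizeof(sample) / sizeof(sample[0])))

/* Model of the posted loop: linenum is bumped once per line read and again
 * for every line that passes the size checks. Returns the 1-based line it
 * stops on, or -1 when it reaches the "disappeared" fallback. */
static int pick_posted(int which, int min, int max, int best)
{
	int linenum = 0, found = -1, i;
	for (i = 0; i < NLINES; i++) {
		linenum++;
		if (sample[i] == 0)
			continue;
		/* linenum >= 1 at this comparison, so which == 0 never matches */
		if ((sample[i] > max || sample[i] < min) ||
		    sample[i] != best || linenum++ != which)
			continue;
		found = i + 1;
		break;
	}
	return (linenum != which + 1) ? -1 : found;
}

/* Assumed intent (not the project's code): count candidates separately. */
static int pick_separate(int which, int min, int max, int best)
{
	int seen = 0, i;
	for (i = 0; i < NLINES; i++) {
		if (sample[i] == 0 || sample[i] > max || sample[i] < min ||
		    sample[i] != best)
			continue;
		if (seen++ == which)
			return i + 1;
	}
	return -1;
}

int main(void)
{
	int which;
	for (which = 0; which < 4; which++)	/* 4 = lines of size 3071 */
		printf("which=%d posted=%d separate=%d\n", which,
		    pick_posted(which, 2000, 8192, 3071),
		    pick_separate(which, 2000, 8192, 3071));
	return 0;
}
```

With this sample the modelled loop reaches the fallback for which = 0, 1 and 3, and for which = 2 it stops on the first candidate line rather than the third, without the file changing between runs.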