On Tue, 13 Aug 2019 07:37:29 +0200 Marc Haber <mh+debian-packa...@zugschlus.de> wrote: > Package: openssh-server > Version: 1:7.9p1-10 > Severity: minor > > Hi, > > I am running sshd with systemd socket activation, which is a > non-standard configuration, hence severity: minor. > > Since the buster upgrade, on a host that is hit by ssh brute force > attacks hundreds of times a day, I get "fatal: chroot("/run/sshd"): No > such file or directory [preauth]" log entries about three times a day. > > When I look, /run/sshd is there. It is also confusing that the message > does happen so seldomly, only in a very small fraction of cases. So it > must be an exotic race condition. > > sshd doesn't delete and recreate the privsep directory after a chrooted
> daemon exits, does it? I have also run into this problem. The reason is rather simple: systemd creates the RuntimeDirectory when the service starts, and deletes when it stops. Since it's an instanced unit activated by socket connection, multiple units access the same directory concurrently in a racy way. Instance A may delete the directory after instance B is started, but before it has chrooted into it, which causes the instance B to fail. The time window is small, so it happens rarely. Given that, RuntimeDirectoryPreserve=yes seems like the proper fix. /run/sshd problems with socket activation were previously addressed in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872978, but it was an incomplete fix.