* [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end) @ 2021-10-20 11:36 Steve 2021-10-20 12:01 ` Arnout Vandecappelle 0 siblings, 1 reply; 7+ messages in thread From: Steve @ 2021-10-20 11:36 UTC (permalink / raw) To: buildroot [-- Attachment #1: Type: text/html, Size: 1645 bytes --] [-- Attachment #2: Type: text/plain, Size: 150 bytes --] _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end) 2021-10-20 11:36 [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end) Steve @ 2021-10-20 12:01 ` Arnout Vandecappelle 2021-10-20 13:38 ` Steve 0 siblings, 1 reply; 7+ messages in thread From: Arnout Vandecappelle @ 2021-10-20 12:01 UTC (permalink / raw) To: Steve, buildroot On 20/10/2021 13:36, Steve wrote: > Hello all, > > I recently downloaded buildroot and used the default config for RasperryPi3, > altered to add openssh, among a couple other things. > (no idea whether that matters, I am using a USB connection from the raspi > running g_cdc driver (ethernet + serial gadget), and am trying to ssh into it > from the USB host computer the raspi is plugged into) > > I have found that root ssh'ing into the machine is off by default. So I altered > the sshd_config to, for now, say yes to PermitRootLogin. (I'll look into how to > add a non-root user later - but this here *should* normally work, right? UNless > something is broken) > Still, on the computer that tries to SSH into the buildroot raspi, I get > "connection reset" immediately. > > There is a kernel message for each such attempt: > "audit: type=1326 audit (time...) auid=... uid=1000 gid=1000 ses=... pid=... > comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000028 syscall=413 compat=0 > ip=... code=0x0" This comes from SELinux. However, the raspberrypi3_defconfig enables AppArmor, not SELinux (and AFAIK AppArmor doesn't give messages like this). So somehow you did something weird there... Anyway, the problem is that your AppArmor or SELinux setup is not correct to allow sshd. The htop problem might be the same. Regards, Arnout > > (the dots replace numbers I guess are pointless to type) > > I searched a bit around and found threads in forums with similar seeming > problems but somewhat different numbers in the message, claims of some problem > with this stuff and libc6 and linux versions prior to 5.1, well if I "uname -a" > here, it says "5.10.46-v7", I guess that one should not have *that* problem, > unless it has nothing to do with that. > > Any ideas? > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot > _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end) 2021-10-20 12:01 ` Arnout Vandecappelle @ 2021-10-20 13:38 ` Steve 2021-10-20 16:53 ` Peter Seiderer 0 siblings, 1 reply; 7+ messages in thread From: Steve @ 2021-10-20 13:38 UTC (permalink / raw) To: buildroot [-- Attachment #1: Type: text/html, Size: 5360 bytes --] [-- Attachment #2: Type: text/plain, Size: 150 bytes --] _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end) 2021-10-20 13:38 ` Steve @ 2021-10-20 16:53 ` Peter Seiderer 2021-10-20 16:54 ` Peter Seiderer 0 siblings, 1 reply; 7+ messages in thread From: Peter Seiderer @ 2021-10-20 16:53 UTC (permalink / raw) To: Steve; +Cc: buildroot Hello Steve, On Wed, 20 Oct 2021 15:38:08 +0200, Steve <sleepy_dog@gmx.de> wrote: > > > This comes from SELinux. However, the raspberrypi3_defconfig enables AppArmor, not SELinux (and AFAIK AppArmor doesn't give messages like this). So somehow you did something weird there... > > > Anyway, the problem is that your AppArmor or SELinux setup is not correct to allow sshd. > > Ok, I was not aware I need to do any setup of those things beyond selecting them in menuconfig. > Need to look into that. > Any quick pointers? > > All I did after running raspberrypi3_defconfig was to select a bunch of extra packages. > To the aforementioned openssh, openvpn, nano, htop; also add gdb, gdbserver. > I also set things to external toolchain (the ARM 2021 GCC chain that was offered). This is maybe a known feature/bug of the combination of openssh and (some) external toolchains, see [1] for discussion, patch/hack to avoid the problem and/or the hint to use another/internal toolchain..., or use dropbear instead of openssh... Regards, Peter > In linux-menuconfig, I removed a lot of USB drivers I don't need, set stuff to gadget-only mode (I'm actually using a CM3+ module, no regular raspi3), and set DWC2 to load, stuff like that. > That's basically about it. > Since i don't know yet how to do that within buildroot, I then run a script to mount the 2 internal partitions within sdcard.img, overwrite the cmdline.txt and config.txt files in the boot partition with mine (which do some UART pin remap and tings like that; no change of other behavior), > and to the ext4 partition, the /root folder gets 2 of my custom executables copied into, the /etc/init.d folder gets an extra script calling one of those executables. > Then sync, umount, compress to 7z; and that's what I put on my raspi module. > From the log I see that my custom stuff gets executed as supposed, i.e. it is not (forever) blocking any of the other init.d stuff or something like that. > > I'm not aware of changes to the default behavior of things except the mentioned adding of packages and script. > In case I selected anything else in menuconfig which my have weird requirements, menuconfig would have told me so, I guess? (I have seen some warning about something a while back, I added in a requirement after finding the magic "show other packages" option or some such, and it stopped complaining) > > > > Von: "Arnout Vandecappelle" <arnout@mind.be> > > On 20/10/2021 13:36, Steve wrote: > > Hello all, > > > > I recently downloaded buildroot and used the default config for RasperryPi3, > > altered to add openssh, among a couple other things. > > (no idea whether that matters, I am using a USB connection from the raspi > > running g_cdc driver (ethernet + serial gadget), and am trying to ssh into it > > from the USB host computer the raspi is plugged into) > > > > I have found that root ssh'ing into the machine is off by default. So I altered > > the sshd_config to, for now, say yes to PermitRootLogin. (I'll look into how to > > add a non-root user later - but this here *should* normally work, right? UNless > > something is broken) > > Still, on the computer that tries to SSH into the buildroot raspi, I get > > "connection reset" immediately. > > > > There is a kernel message for each such attempt: > > "audit: type=1326 audit (time...) auid=... uid=1000 gid=1000 ses=... pid=... > > comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000028 syscall=413 compat=0 > > ip=... code=0x0" > > This comes from SELinux. However, the raspberrypi3_defconfig enables AppArmor, > not SELinux (and AFAIK AppArmor doesn't give messages like this). So somehow you > did something weird there... > > Anyway, the problem is that your AppArmor or SELinux setup is not correct to > allow sshd. > > The htop problem might be the same. > > Regards, > Arnout > > > > > (the dots replace numbers I guess are pointless to type) > > > > I searched a bit around and found threads in forums with similar seeming > > problems but somewhat different numbers in the message, claims of some problem > > with this stuff and libc6 and linux versions prior to 5.1, well if I "uname -a" > > here, it says "5.10.46-v7", I guess that one should not have *that* problem, > > unless it has nothing to do with that. > > > > Any ideas? > > > > _______________________________________________ > > buildroot mailing list > > buildroot@buildroot.org > > https://lists.buildroot.org/mailman/listinfo/buildroot > > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot > _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end) 2021-10-20 16:53 ` Peter Seiderer @ 2021-10-20 16:54 ` Peter Seiderer 2021-10-20 17:31 ` Steve 0 siblings, 1 reply; 7+ messages in thread From: Peter Seiderer @ 2021-10-20 16:54 UTC (permalink / raw) To: Steve; +Cc: buildroot Hallo Steve, > > This is maybe a known feature/bug of the combination of openssh and (some) external > toolchains, see [1] for discussion, patch/hack to avoid the problem and/or > the hint to use another/internal toolchain..., or use dropbear instead of openssh... > > Regards, > Peter > And the missing link: [1] https://bugs.busybox.net/show_bug.cgi?id=13671 Regards, Peter _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end) 2021-10-20 16:54 ` Peter Seiderer @ 2021-10-20 17:31 ` Steve 0 siblings, 0 replies; 7+ messages in thread From: Steve @ 2021-10-20 17:31 UTC (permalink / raw) To: buildroot [-- Attachment #1: Type: text/html, Size: 1120 bytes --] [-- Attachment #2: Type: text/plain, Size: 150 bytes --] _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end) @ 2021-10-20 15:43 Steve 0 siblings, 0 replies; 7+ messages in thread From: Steve @ 2021-10-20 15:43 UTC (permalink / raw) To: buildroot [-- Attachment #1: Type: text/html, Size: 6021 bytes --] [-- Attachment #2: Type: text/plain, Size: 150 bytes --] _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-10-20 17:31 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-10-20 11:36 [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end) Steve 2021-10-20 12:01 ` Arnout Vandecappelle 2021-10-20 13:38 ` Steve 2021-10-20 16:53 ` Peter Seiderer 2021-10-20 16:54 ` Peter Seiderer 2021-10-20 17:31 ` Steve -- strict thread matches above, loose matches on Subject: below -- 2021-10-20 15:43 Steve
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox