* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end)
@ 2021-10-20 15:43 Steve
0 siblings, 0 replies; 7+ messages in thread
From: Steve @ 2021-10-20 15:43 UTC (permalink / raw)
To: buildroot
[-- Attachment #1: Type: text/html, Size: 6021 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end)
2021-10-20 16:54 ` Peter Seiderer
@ 2021-10-20 17:31 ` Steve
0 siblings, 0 replies; 7+ messages in thread
From: Steve @ 2021-10-20 17:31 UTC (permalink / raw)
To: buildroot
[-- Attachment #1: Type: text/html, Size: 1120 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end)
2021-10-20 16:53 ` Peter Seiderer
@ 2021-10-20 16:54 ` Peter Seiderer
2021-10-20 17:31 ` Steve
0 siblings, 1 reply; 7+ messages in thread
From: Peter Seiderer @ 2021-10-20 16:54 UTC (permalink / raw)
To: Steve; +Cc: buildroot
Hallo Steve,
>
> This is maybe a known feature/bug of the combination of openssh and (some) external
> toolchains, see [1] for discussion, patch/hack to avoid the problem and/or
> the hint to use another/internal toolchain..., or use dropbear instead of openssh...
>
> Regards,
> Peter
>
And the missing link:
[1] https://bugs.busybox.net/show_bug.cgi?id=13671
Regards,
Peter
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end)
2021-10-20 13:38 ` Steve
@ 2021-10-20 16:53 ` Peter Seiderer
2021-10-20 16:54 ` Peter Seiderer
0 siblings, 1 reply; 7+ messages in thread
From: Peter Seiderer @ 2021-10-20 16:53 UTC (permalink / raw)
To: Steve; +Cc: buildroot
Hello Steve,
On Wed, 20 Oct 2021 15:38:08 +0200, Steve <sleepy_dog@gmx.de> wrote:
>
> > This comes from SELinux. However, the raspberrypi3_defconfig enables AppArmor, not SELinux (and AFAIK AppArmor doesn't give messages like this). So somehow you did something weird there...
>
> > Anyway, the problem is that your AppArmor or SELinux setup is not correct to allow sshd.
>
> Ok, I was not aware I need to do any setup of those things beyond selecting them in menuconfig.
> Need to look into that.
> Any quick pointers?
>
> All I did after running raspberrypi3_defconfig was to select a bunch of extra packages.
> To the aforementioned openssh, openvpn, nano, htop; also add gdb, gdbserver.
> I also set things to external toolchain (the ARM 2021 GCC chain that was offered).
This is maybe a known feature/bug of the combination of openssh and (some) external
toolchains, see [1] for discussion, patch/hack to avoid the problem and/or
the hint to use another/internal toolchain..., or use dropbear instead of openssh...
Regards,
Peter
> In linux-menuconfig, I removed a lot of USB drivers I don't need, set stuff to gadget-only mode (I'm actually using a CM3+ module, no regular raspi3), and set DWC2 to load, stuff like that.
> That's basically about it.
> Since i don't know yet how to do that within buildroot, I then run a script to mount the 2 internal partitions within sdcard.img, overwrite the cmdline.txt and config.txt files in the boot partition with mine (which do some UART pin remap and tings like that; no change of other behavior),
> and to the ext4 partition, the /root folder gets 2 of my custom executables copied into, the /etc/init.d folder gets an extra script calling one of those executables.
> Then sync, umount, compress to 7z; and that's what I put on my raspi module.
> From the log I see that my custom stuff gets executed as supposed, i.e. it is not (forever) blocking any of the other init.d stuff or something like that.
>
> I'm not aware of changes to the default behavior of things except the mentioned adding of packages and script.
> In case I selected anything else in menuconfig which my have weird requirements, menuconfig would have told me so, I guess? (I have seen some warning about something a while back, I added in a requirement after finding the magic "show other packages" option or some such, and it stopped complaining)
>
>
>
> Von: "Arnout Vandecappelle" <arnout@mind.be>
>
> On 20/10/2021 13:36, Steve wrote:
> > Hello all,
> >
> > I recently downloaded buildroot and used the default config for RasperryPi3,
> > altered to add openssh, among a couple other things.
> > (no idea whether that matters, I am using a USB connection from the raspi
> > running g_cdc driver (ethernet + serial gadget), and am trying to ssh into it
> > from the USB host computer the raspi is plugged into)
> >
> > I have found that root ssh'ing into the machine is off by default. So I altered
> > the sshd_config to, for now, say yes to PermitRootLogin. (I'll look into how to
> > add a non-root user later - but this here *should* normally work, right? UNless
> > something is broken)
> > Still, on the computer that tries to SSH into the buildroot raspi, I get
> > "connection reset" immediately.
> >
> > There is a kernel message for each such attempt:
> > "audit: type=1326 audit (time...) auid=... uid=1000 gid=1000 ses=... pid=...
> > comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000028 syscall=413 compat=0
> > ip=... code=0x0"
>
> This comes from SELinux. However, the raspberrypi3_defconfig enables AppArmor,
> not SELinux (and AFAIK AppArmor doesn't give messages like this). So somehow you
> did something weird there...
>
> Anyway, the problem is that your AppArmor or SELinux setup is not correct to
> allow sshd.
>
> The htop problem might be the same.
>
> Regards,
> Arnout
>
> >
> > (the dots replace numbers I guess are pointless to type)
> >
> > I searched a bit around and found threads in forums with similar seeming
> > problems but somewhat different numbers in the message, claims of some problem
> > with this stuff and libc6 and linux versions prior to 5.1, well if I "uname -a"
> > here, it says "5.10.46-v7", I guess that one should not have *that* problem,
> > unless it has nothing to do with that.
> >
> > Any ideas?
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot@buildroot.org
> > https://lists.buildroot.org/mailman/listinfo/buildroot
> >
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
>
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end)
2021-10-20 12:01 ` Arnout Vandecappelle
@ 2021-10-20 13:38 ` Steve
2021-10-20 16:53 ` Peter Seiderer
0 siblings, 1 reply; 7+ messages in thread
From: Steve @ 2021-10-20 13:38 UTC (permalink / raw)
To: buildroot
[-- Attachment #1: Type: text/html, Size: 5360 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end)
2021-10-20 11:36 Steve
@ 2021-10-20 12:01 ` Arnout Vandecappelle
2021-10-20 13:38 ` Steve
0 siblings, 1 reply; 7+ messages in thread
From: Arnout Vandecappelle @ 2021-10-20 12:01 UTC (permalink / raw)
To: Steve, buildroot
On 20/10/2021 13:36, Steve wrote:
> Hello all,
>
> I recently downloaded buildroot and used the default config for RasperryPi3,
> altered to add openssh, among a couple other things.
> (no idea whether that matters, I am using a USB connection from the raspi
> running g_cdc driver (ethernet + serial gadget), and am trying to ssh into it
> from the USB host computer the raspi is plugged into)
>
> I have found that root ssh'ing into the machine is off by default. So I altered
> the sshd_config to, for now, say yes to PermitRootLogin. (I'll look into how to
> add a non-root user later - but this here *should* normally work, right? UNless
> something is broken)
> Still, on the computer that tries to SSH into the buildroot raspi, I get
> "connection reset" immediately.
>
> There is a kernel message for each such attempt:
> "audit: type=1326 audit (time...) auid=... uid=1000 gid=1000 ses=... pid=...
> comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000028 syscall=413 compat=0
> ip=... code=0x0"
This comes from SELinux. However, the raspberrypi3_defconfig enables AppArmor,
not SELinux (and AFAIK AppArmor doesn't give messages like this). So somehow you
did something weird there...
Anyway, the problem is that your AppArmor or SELinux setup is not correct to
allow sshd.
The htop problem might be the same.
Regards,
Arnout
>
> (the dots replace numbers I guess are pointless to type)
>
> I searched a bit around and found threads in forums with similar seeming
> problems but somewhat different numbers in the message, claims of some problem
> with this stuff and libc6 and linux versions prior to 5.1, well if I "uname -a"
> here, it says "5.10.46-v7", I guess that one should not have *that* problem,
> unless it has nothing to do with that.
>
> Any ideas?
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
>
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end)
@ 2021-10-20 11:36 Steve
2021-10-20 12:01 ` Arnout Vandecappelle
0 siblings, 1 reply; 7+ messages in thread
From: Steve @ 2021-10-20 11:36 UTC (permalink / raw)
To: buildroot
[-- Attachment #1: Type: text/html, Size: 1645 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-10-20 17:31 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-20 15:43 [Buildroot] openssh - kernel messages upon connection attempts (always ending with "connection reset" at the other end) Steve
-- strict thread matches above, loose matches on Subject: below --
2021-10-20 11:36 Steve
2021-10-20 12:01 ` Arnout Vandecappelle
2021-10-20 13:38 ` Steve
2021-10-20 16:53 ` Peter Seiderer
2021-10-20 16:54 ` Peter Seiderer
2021-10-20 17:31 ` Steve
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.