From owner-freebsd-stable@FreeBSD.ORG  Sat Mar  1 06:56:48 2014
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 8FB81AC0
 for <stable@freebsd.org>; Sat,  1 Mar 2014 06:56:48 +0000 (UTC)
Received: from mail-la0-f54.google.com (mail-la0-f54.google.com
 [209.85.215.54])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 16F331E45
 for <stable@freebsd.org>; Sat,  1 Mar 2014 06:56:47 +0000 (UTC)
Received: by mail-la0-f54.google.com with SMTP id mc6so3405421lab.27
 for <stable@freebsd.org>; Fri, 28 Feb 2014 22:56:39 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to
 :subject:content-type:content-transfer-encoding;
 bh=SS1lnkQdDunnv3eD5s38BGSCHIl4YfXLavPqEpOnwYs=;
 b=V/pHf3kRQCLweNk8eUUgB5ZZhFN6rZo2H91rKvEnToe2YAMY+OxPEE3wTFwY2YOLYg
 mMjTT4s1HmOdGMBp5WvHfwV5XT5cfnEOK0BzFUrXmN/X7CH2RnZsPjrOjwgLOKMoRlM8
 OIbE246DcuHShP+pOBc9Hbb+93u13bGJvIe15FHaHpuRuujIo/2gH+fzjHnyadZ5KgrO
 nxKhXKaF/UCJS376BUKVjHsTf+241RDFfnyeEiB6YvGAjyo5LvXsR9rq4AFlUAZy6KuK
 GoGTS65xACUiAWwi/CrGW+atmYyiH9cZqEoT42Tj4RAFDN9l732hXUNklwT3gvz7W+hs
 bZ4g==
X-Gm-Message-State: ALoCoQkl2WBo3iKjifVeX+V4SltE8J3IOYB6H+EgIJ4R0nJj4G3uC3T7mg+MNgnN/ZCnuYCaZOaJ
X-Received: by 10.112.201.164 with SMTP id kb4mr13566765lbc.32.1393656999704; 
 Fri, 28 Feb 2014 22:56:39 -0800 (PST)
Received: from [192.168.1.2] ([89.169.173.68])
 by mx.google.com with ESMTPSA id mk5sm17703445lac.6.2014.02.28.22.56.38
 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Fri, 28 Feb 2014 22:56:39 -0800 (PST)
Message-ID: <531184A8.4050909@freebsd.org>
Date: Sat, 01 Mar 2014 10:56:40 +0400
From: Andrey Chernov <ache@freebsd.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: des@freebsd.org, stable@freebsd.org
Subject: openssh in stable-10 broken config or sandbox
X-Enigmail-Version: 1.7a1pre
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Mar 2014 06:56:48 -0000

Hi.
Default /etc/ssh/sshd_config have
#UsePrivilegeSeparation sandbox
I.e. 'sandbox' by default. It breaks logins with error:
sshd[81721]: fatal: ssh_sandbox_child: failed to limit the network socket [preauth]
Fixed by using old way, i.e. direct
UsePrivilegeSeparation yes
instead of 'sandbox'. Please fix this bug.

-- 
http://ache.vniz.net/