This is report for OpenSSH-7.7p1, but the version dropbox lacks this version. Probably also applicable for other versions. Running "make t-exec" test on NetBSD as non-root. This OS doesn't have /dev/ptmx, and relies on sshd(running as root) to chown the pty's ownership, so chown("/dev/ttyp1", myuid, ttygid) by sshd invoked by user privilege during the test will fail, unless /dev/ttyp1 had been chown'ed to the user by previous ssh login. run test key-options.sh seems to stumble on this: ======= run test key-options.sh ... key option command="echo bar" key option no-pty,command="echo bar" key option pty default key option failed default key option pty no-pty key option pty restrict key option pty restrict,pty key option failed restrict,pty key option environment key option from="127.0.0.1" key option from="127.0.0.0/8" key option expiry-time default key option expiry-time invalid key option expiry-time expired key option expiry-time valid failed key options *** Error code 1 ======== regress/failed-sshd.log: ... debug1: session_new: session 0 chown(/dev/ttyp1, 901, 4) failed: Operation not permitted debug1: do_cleanup debug1: session_pty_cleanup: session 0 release /dev/ttyp1 Attempt to write login records by non-root user (aborting) ... ======= steps to reproduce: - ssh otheruser@localhost, then logout, or just "chown root:tty /dev/ttyp1", to make next vacant pty slot to not be owned by the user. - make t-exec ;# the test ======= Workaround: Do "ssh localhost", then logout to fill the next vacant pty slot to be owned by myself. This made key-options.sh (and perhaps other tests) to pass. Running the test as root also works (but unrecommended for obvious reasons). I wonder whether this could be "fixed" or not.
Maybe we skip this pty bits of test on platforms that are known to break
Created attachment 3149 [details] Skip pty tests on platforms without openpty(3) This skips the pty parts of the test on platforms that lack openpty(3). The intent of this section of the test is solely to verify the options processing logic wrt "strict" and positive/negative options, so it doesn't need to run on every possible platform.
Patch applied - will be in OpenSSH 7.8
Tried out the OpenSSH-7.8; I'm still bitten by this bug/feature. Steps to reproduce: make t-exec Workaround: Do "ssh localhost", logout, then run the tests The longer output of the regress/failed-sshd.log: ==== debug3: receive packet: type 98 debug1: server_input_channel_req: channel 0 request pty-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug3: mm_request_send entering: type 28 debug3: mm_request_receive entering debug3: monitor_read: checking request 28 debug3: mm_answer_pty entering debug2: session_new: allocate (allocated 0 max 10) debug3: session_unused: session id 0 unused debug1: session_new: session 0 chown(/dev/ttyp2, 901, 4) failed: Operation not permitted ==== The pty_setowner() is called from monitor.c:mm_answer_pty() route. I have found out that my OS do have openpty(3), so the test exclusion fix wasn't working. I get some feeling that this couldn't be easily fixed, so I will use the workaround for now.