[Bug 3773] New: sshd-session rexec prevents live login after package uninstall

[bugzilla-daemon at mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=3773

            Bug ID: 3773
           Summary: sshd-session rexec prevents live login after package
                    uninstall
           Product: Portable OpenSSH
           Version: 9.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: spam at ipik.org

In a particular usecase to bootstrap a headless base system to be
remotely setup later, one needs a live sshd connection to perform the
final setup.
In order to have a clean system for install, openssh server is
installed, launched and uninstalled while service runs.

With new sessions authentication depending of unloaded binaries at
startup (such as /usr/lib/ssh/sshd-session hardcoded path), this kills
ability for clients to connect since 9.9p1 (was ok until at least
9.7p1):
fatal: rexec of /usr/lib/ssh/sshd-session failed: No such file or
directory

I can understand loading everything at startup and keeping in memory
may not be desirable.
In such particular usecase I could alias /usr/lib/ssh somewhere in
tmpfs and keep it there after uninstall (it won't harm later setup).
If sshd could use a resolved direct reference of the aliased files
instead of hard-coded paths at startup, this would probably restore a
functioning usecase.

Thanks for consideration.

(I assume it will be same with upcoming sshd-auth binary or al.)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.