From Newsgroup: comp.security.ssh

Hi,

Involved OS: OpenBSD 7.7 latest patchlevel.

I noticed recently a new issue on my system, after upgrading to openssh
10.2. All outgoing calls are failing, such as:
ssh remote "do_something.sh"

Error:
ssh[61968]: pledge "inet", syscall 105
Abort trap (core dumped)

However, I can prevent that by calling a pseudo terminal, so it works (
'ish).

scp is not better:

scp $FILE remote:store

Error:
ssh[43871]: pledge "inet", syscall 32
scp: Connection closed

Any idea what is going on? I can ssh in and out (but not call remote
commands) and scp stuff in but not out. Bit puzzled. Scp works, as in
pulling from the box, but no sending from it. I tried various settings,
new installs of OpenSSH with blank configs, vanilla BSD ... nothing
seems to work. From my testing I can only say it started with release
10.1 of OpenSSH. The build instructions were followed.
--

Cheers,
G.

Quis custodiet ipsos custodes? ---------------------------->8------------------------------
/"\
\ / ASCII Ribbon Campaign
X against HTML e-mail
/ \
---------------------------->8------------------------------

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.security.ssh

On 19/10/2025 20:15, Goetz Schultz wrote:

Hi,

Involved OS: OpenBSD 7.7 latest patchlevel.

I noticed recently a new issue on my system, after upgrading to openssh 10.2. All outgoing calls are failing, such as:
ssh remote "do_something.sh"

Error:
ssh[61968]: pledge "inet", syscall 105
Abort trap (core dumped)

However, I can prevent that by calling a pseudo terminal, so it works
( 'ish).

scp is not better:

scp $FILE remote:store

Error:
ssh[43871]: pledge "inet", syscall 32
scp: Connection closed

Any idea what is going on? I can ssh in and out (but not call remote commands) and scp stuff in but not out. Bit puzzled. Scp works, as in pulling from the box, but no sending from it. I tried various settings,
new installs of OpenSSH with blank configs, vanilla BSD ... nothing
seems to work. From my testing I can only say it started with release
10.1 of OpenSSH. The build instructions were followed.

To follow this up (done some digging), the issue appears in clientloop.c
by calling "client_repledge();". When I "disable" that function (add a "return;" as only action), the scp-funtion works fine. I thought this
may help.
The function appears to be introduced by openssh-10.1.
--

Cheers,
G.

Quis custodiet ipsos custodes? ---------------------------->8------------------------------
/"\
\ / ASCII Ribbon Campaign
X against HTML e-mail
/ \
---------------------------->8------------------------------
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.security.ssh

On 20/10/2025 17:22, Goetz Schultz wrote:

On 19/10/2025 20:15, Goetz Schultz wrote:

Hi,

Involved OS: OpenBSD 7.7 latest patchlevel.

I noticed recently a new issue on my system, after upgrading to
openssh 10.2. All outgoing calls are failing, such as:
ssh remote "do_something.sh"

Error:
ssh[61968]: pledge "inet", syscall 105
Abort trap (core dumped)

However, I can prevent that by calling a pseudo terminal, so it works
( 'ish).

scp is not better:

scp $FILE remote:store

Error:
ssh[43871]: pledge "inet", syscall 32
scp: Connection closed

Any idea what is going on? I can ssh in and out (but not call remote
commands) and scp stuff in but not out. Bit puzzled. Scp works, as in
pulling from the box, but no sending from it. I tried various
settings, new installs of OpenSSH with blank configs, vanilla BSD ...
nothing seems to work. From my testing I can only say it started with
release 10.1 of OpenSSH. The build instructions were followed.

To follow this up (done some digging), the issue appears in clientloop.c
by calling "client_repledge();". When I "disable" that function (add a "return;" as only action), the scp-funtion works fine. I thought this
may help.
The function appears to be introduced by openssh-10.1.

Problem fixed itself with OpenBSD 7.8.
--

Cheers,
G.

Quis custodiet ipsos custodes? ---------------------------->8------------------------------
/"\
\ / ASCII Ribbon Campaign
X against HTML e-mail
/ \
---------------------------->8------------------------------
--- Synchronet 3.21a-Linux NewsLink 1.2