ssh: cannot access private key stored in TPM (private-dev)

[qdii]

Description

Security freaks like me do like to store their SSH private keys in protected places. Most laptops nowadays come with a TPM, which can store them (see https://jade.fyi/blog/tpm-ssh/ for instance).

Steps to Reproduce

1. Follow the configuration guide for ssh with TPM2 linked above

2. Add the following configuration in ssh.local

   private-dev
   whitelist /usr/lib/libtss2-*
   

   Note: the SSH connection is also broken without adding these lines, but for a different reasons (no access to /dev/tpm0, no access to the libraries).

3. Run firejail ssh <some host>

Expected behavior

A SSH connection is opened to the host.

Actual behavior

An error message appears and no connection is established.

Behavior without a profile

A SSH connection is established.

Environment

• Arch Linux
• Firejail version 0.9.72

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

$ firejail ssh $host
fexecve: No such file or directory
Error: failed to run /run/firejail/lib/fseccomp, exiting...
Error: proc 18455 cannot sync with peer: unexpected EOF
Peer 18456 unexpectedly exited with status 1

[rusty-snake]

Instead of removing private-dev from profiles, we should enhance private-dev.

Proposal 1.

• private-dev includes TPM devices
• notpm blocks them

Proposal 2.

• private-dev supports subgroups.
  • private-dev only basic devices
  • private-dev tpm,video,3d basic with TPM devices, video devices and GPU.
• Unresolved to keep blacklisting approach.

[glitsj16]

@qdii

The ssh.profile in 0.9.72 already has private-dev, I don't get why you added it (once more) to your ssh.local. Unless you wanted to ignore private-dev?

[kmk3]

@rusty-snake on Jun 13:

Instead of removing private-dev from profiles, we should enhance
private-dev.

Agreed.

Proposal 1.

• private-dev includes TPM devices
• notpm blocks them

That makes sense, though why not reuse nou2f for this?

Aren't they used for the same use case?

Or is access to the tpm more critical than to u2f devices?

[glitsj16]

@rusty-snake

Instead of removing private-dev from profiles, we should enhance private-dev.

That's the way forward, fully agree.

I like Proposal 1.

[kmk3]

@qdii on Jun 13:

$ firejail ssh $host

When executing firejail directly, it's recommended to use the full path for the
program, to avoid calling firejail within firejail, as the program may already
be symlinked to firejail through firecfg (ssh -> /usr/local/bin/ssh ->
firejail).

For example:

firejail /usr/bin/ssh $host

[glitsj16]

Side note:

The linked blog entree mentions /etc/tpm2-tss and ${HOME}/.tpm2_pkcs11. We might want to protect these directories.

Sadly I don't have hardware with a TPM (for now) to actually check what OP can do to support their setup with the 0.9.72 ssh.profile.

[qdii]

I'm happy to be your testing monkey :) Just throw a config at me and I'll try.

[rusty-snake]

The linked blog entree mentions /etc/tpm2-tss and ${HOME}/.tpm2_pkcs11. We might want to protect these directories.

FWIW

$ cat /etc/tpm2-tss/fapi-config.json
{
     "profile_name": "P_ECCP256SHA256",
     "profile_dir": "/etc/tpm2-tss/fapi-profiles/",
     "user_dir": "~/.local/share/tpm2-tss/user/keystore",
     "system_dir": "/var/lib/tpm2-tss/system/keystore",
     "tcti": "",
     "system_pcrs" : [],
     "log_dir" : "/run/tpm2-tss/eventlog/",
     "firmware_log_file": "/dev/null",
     "ima_log_file": "/dev/null"
}

[qdii]

So far, my ssh.local looks like this:

# TPM access
private-dev
whitelist /usr/lib/libtss2-*
whitelist /etc/tpm2-tss
whitelist ${HOME}/.tpm2_pkcs11

However I always get the same error:

❯ firejail /usr/local/bin/ssh del
fexecve: No such file or directory
Error: failed to run /run/firejail/lib/fseccomp, exiting...
Error: proc 73198 cannot sync with peer: unexpected EOF
Peer 73199 unexpectedly exited with status 1

I'm not sure why fexecve fails like this?

[rusty-snake]

Guess ssh needs a few more libraries than libtss2-* like libc, libpcre2, libselinux, ...

[qdii]

Inspired by this comment, I extended ssh.local using the result of ldd:

❯ ldd /usr/local/bin/ssh
	linux-vdso.so.1 (0x0000794c4ea53000)
	libapparmor.so.1 => /usr/lib/libapparmor.so.1 (0x0000794c4e896000)
	libc.so.6 => /usr/lib/libc.so.6 (0x0000794c4e6aa000)
	libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x0000794c4e67d000)
	/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x0000794c4ea55000)

cat ~/.config/firejail/ssh.local
private-dev
whitelist /usr/lib/libtss2-*
whitelist /etc/tpm2-tss
whitelist ${HOME}/.tpm2_pkcs11
whitelist /usr/lib/libc.*
whitelist /usr/lib/libapparmor.*
whitelist /usr/lib/libgcc_s.*
whitelist /usr/lib64/ld-linux-x86-64.so.2

Unfortunately this doesn't help much:

❯ firejail /usr/local/bin/ssh del
fexecve: No such file or directory
Error: failed to run /run/firejail/lib/fseccomp, exiting...
Error: proc 108872 cannot sync with peer: unexpected EOF
Peer 108873 unexpectedly exited with status 1

[rusty-snake]

Looks like /usr/lib*/firejail is missing.

I wouldn't mess with whitelisting in /usr/lib*

[kmk3]

@qdii on Jun 13:

2. Add the following configuration in ssh.local

   private-dev
   whitelist /usr/lib/libtss2-*
   

   Note: the SSH connection is also broken without adding these lines, but
   for a different reasons (no access to /dev/tpm0, no access to the
   libraries).

3. Run firejail ssh <some host>

Note that whitelisting a path also enables whitelisting in its base directory,
so unless the profile already has similar whitelisting commands, adding them is
likely to just lead to more breakage.

What is the output without any local modifications?

Example:

firejail --ignore='include ssh.local' --ignore='include globals.local' \
  /usr/bin/ssh $host

Also, if you use private-lib, make sure that it is not in effect.

@qdii on Jun 16:

Inspired by this comment, I extended ssh.local using the result of ldd:

❯ ldd /usr/local/bin/ssh
	linux-vdso.so.1 (0x0000794c4ea53000)
	libapparmor.so.1 => /usr/lib/libapparmor.so.1 (0x0000794c4e896000)
	libc.so.6 => /usr/lib/libc.so.6 (0x0000794c4e6aa000)
	libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x0000794c4e67d000)
	/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x0000794c4ea55000)

See --trace= in the firejail manual, which is likely to be more helpful.

[qdii]

With no modification, SSH simply connects to the host:

❯ firejail --ignore='include ssh.local' --ignore='include globals.local'  /usr/bin/ssh ovh
Last login: Mon Jun 17 22:51:56 2024 from 81.6.34.64
...

If I understand correctly the previous comments, allowing libraries to be loaded is better done using private-lib than whitelist, so I modified my ssh.local file so that now it reads this:

# TPM access
whitelist /etc/tpm2-tss
whitelist ${HOME}/.tpm2_pkcs11

private-dev
private-lib /usr/lib/libtss2-*
private-lib /usr/lib/libc.*
private-lib /usr/lib/libapparmor.*
private-lib /usr/lib/libgcc_s.*
private-lib /usr/lib64/ld-linux-x86-64.so.2

Then executing gives this:

❯ firejail /usr/local/bin/ssh del
Error mount bind ld.so.preload: fs_trace.c:116 fs_trace: No such file or directory
Error: proc 26048 cannot sync with peer: unexpected EOF
Peer 26049 unexpectedly exited with status 1

[glitsj16]

If I understand correctly the previous comments, allowing libraries to be loaded is better done using private-lib than whitelist [...]

Be aware that private-lib is disabled by default in /etc/firejail/firejail.config:

[...]
# Enable or disable private-lib feature, default disabled
# private-lib no
[...]

FYI: after 0.9.72 things have changed even more and, besides the above, support for private-lib needs to be explicitly enabled during configure.

So although technically on 0.9.72 you can use it, the option isn't actively supported any longer. If you use it, keep eyes on this option whenever a 0.9.74 release hits your OS.

[kmk3]

@qdii on Jun 17:

With no modification, SSH simply connects to the host:

❯ firejail --ignore='include ssh.local' --ignore='include globals.local'  /usr/bin/ssh ovh
Last login: Mon Jun 17 22:51:56 2024 from 81.6.34.64
...

If I understand correctly the previous comments, allowing libraries to be
loaded is better done using private-lib than whitelist, so I modified my
ssh.local file so that now it reads this:

Modifying /usr/lib is rarely done and is likely not as tested, so unless you
know what you're doing and are able to debug and fix errors, I'd avoid doing
anything with /usr/lib in profiles.

As for the other entries, the whitelisting in ${HOME} is fine.

Though in /etc it is usually done with private-etc.

Try this in ssh.local:

whitelist ${HOME}/.ssh
whitelist ${HOME}/.tpm2_pkcs11

private-etc ssh,tpm2-tss

[qdii]

Ok, thanks for the explanation about private-lib and modifying /usr/lib.

❯ cat .config/firejail/ssh.local
whitelist ${HOME}/.tpm2_pkcs11
whitelist ${HOME}/.ssh
private-etc ssh,tpm2-tss

❯ firejail /usr/bin/ssh del
No user exists for uid 1000

[glitsj16]

private-etc ssh,tpm2-tss

No user exists for uid 1000

Looks like you need more from /etc than is currently allowed. Try adding group,login.defs,passwd to private-etc:

$ cat .config/firejail/ssh.local
whitelist ${HOME}/.tpm2_pkcs11
whitelist ${HOME}/.ssh
private-etc group,login.defs,passwd,ssh,tpm2-tss

[qdii]

OK I get a little further, but still no TPM

❯ cat .config/firejail/ssh.local
whitelist ${HOME}/.tpm2_pkcs11
whitelist ${HOME}/.ssh
private-etc ssh,tpm2-tss,group,login.defs,passwd

❯ firejail /usr/bin/ssh del

** (process:11): CRITICAL **: 21:18:46.830: failed to allocate dbus proxy object: Could not connect: Permission denied
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:229:socket_connect() Host localhost does not resolve to a valid address: -3: Temporary failure in name resolution 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
WARNING:tcti:src/util/io.c:229:socket_connect() Host localhost does not resolve to a valid address: -3: Temporary failure in name resolution 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
WARNING: Listing FAPI token objects failed: "tcti:IO failure"
Please see https://github.com/tpm2-software/tpm2-pkcs11/blob/1.9.0/docs/FAPI.md for more details
WARNING: FAPI backend was not initialized.

** (process:11): CRITICAL **: 21:18:46.832: failed to allocate dbus proxy object: Could not connect: Permission denied
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:229:socket_connect() Host localhost does not resolve to a valid address: -3: Temporary failure in name resolution 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
WARNING:tcti:src/util/io.c:229:socket_connect() Host localhost does not resolve to a valid address: -3: Temporary failure in name resolution 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
ERROR: Could not initialize tpm ctx: 0x5
ERROR: Getting tokens from esysdb backend failed.
C_Initialize for provider /usr/lib/pkcs11/libtpm2_pkcs11.so failed: 5

[qdii]

@kmk3

I think U2F and TPMs share the same goal, but do not always come in the same form factor:

• U2F is usually implemented via a USB device (Yubikey, Titan key)
• TPMs are usually chips on the motherboard

Binding the two in firejail would make it less flexible for the user to disable one without disabling the other, and currently now the source code relates U2F to USB devices: https://github.com/netblue30/firejail/blob/master/src/firejail/fs_dev.c#L92.

So I think distinguishing them is a better approach.

[kmk3]

@qdii on Jun 19:

OK I get a little further, but still no TPM

❯ cat .config/firejail/ssh.local
whitelist ${HOME}/.tpm2_pkcs11
whitelist ${HOME}/.ssh
private-etc ssh,tpm2-tss,group,login.defs,passwd

Sorry, in the previous comment I left out the default paths for private-etc,
which are now included by default (and also modified IIRC) in 0.9.73 (see
#5610).

There have been many changes to private-etc (among other things) since
0.9.72, so please use firejail-git (AUR) in this issue to ensure
reproducibility.

Also, does it work without private-etc?

❯ firejail /usr/bin/ssh del

** (process:11): CRITICAL **: 21:18:46.830: failed to allocate dbus proxy object: Could not connect: Permission denied
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:229:socket_connect() Host localhost does not resolve to a valid address: -3: Temporary failure in name resolution 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
WARNING:tcti:src/util/io.c:229:socket_connect() Host localhost does not resolve to a valid address: -3: Temporary failure in name resolution 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
WARNING: Listing FAPI token objects failed: "tcti:IO failure"
Please see https://github.com/tpm2-software/tpm2-pkcs11/blob/1.9.0/docs/FAPI.md for more details
WARNING: FAPI backend was not initialized.

** (process:11): CRITICAL **: 21:18:46.832: failed to allocate dbus proxy object: Could not connect: Permission denied
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:229:socket_connect() Host localhost does not resolve to a valid address: -3: Temporary failure in name resolution 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
WARNING:tcti:src/util/io.c:229:socket_connect() Host localhost does not resolve to a valid address: -3: Temporary failure in name resolution 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
ERROR: Could not initialize tpm ctx: 0x5
ERROR: Getting tokens from esysdb backend failed.
C_Initialize for provider /usr/lib/pkcs11/libtpm2_pkcs11.so failed: 5

What is the output of the following commands?

firejail --trace=trace.txt --ignore='include ssh.local' /usr/bin/ssh -vvv $host
firejail --trace=trace_local.txt /usr/bin/ssh -vvv $host

What is the output in trace.txt and trace_local.txt?

[qdii]

Also, does it work without private-etc?

I actually don't see any difference in the output with or without private-etc

[qdii]

❯ firejail --trace=trace.txt --ignore='include ssh.local' /usr/bin/ssh -vvv $host
OpenSSH_9.7p1, OpenSSL 3.3.1 4 Jun 2024
debug1: Reading configuration data /home/qdii/.ssh/config
debug1: /home/qdii/.ssh/config line 118: Applying options for vrt
debug1: /home/qdii/.ssh/config line 145: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 2: Including file /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
debug3: /etc/ssh/ssh_config line 2: Including file /etc/ssh/ssh_config.d/ssh-audit-hardening.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/ssh-audit-hardening.conf
debug3: kex names ok: [sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256]
debug2: resolve_canonicalize: hostname 192.168.2.50 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/qdii/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/qdii/.ssh/known_hosts2'
debug1: auto-mux: Trying existing master at '/home/qdii/.ssh/qdii@192.168.2.50:22'
Control socket connect(/home/qdii/.ssh/qdii@192.168.2.50:22): Transport endpoint is not connected
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.2.50 [192.168.2.50] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.

** (process:4): CRITICAL **: 23:53:13.864: failed to allocate dbus proxy object: Could not connect: Permission denied
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
WARNING: Listing FAPI token objects failed: "tcti:IO failure"
Please see https://github.com/tpm2-software/tpm2-pkcs11/blob/1.9.0/docs/FAPI.md for more details
WARNING: FAPI backend was not initialized.

** (process:4): CRITICAL **: 23:53:13.868: failed to allocate dbus proxy object: Could not connect: Permission denied
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
ERROR: Could not initialize tpm ctx: 0x5
ERROR: Getting tokens from esysdb backend failed.
C_Initialize for provider /usr/lib/pkcs11/libtpm2_pkcs11.so failed: 5
debug1: identity file /home/qdii/.ssh/id_rsa type 0
debug1: identity file /home/qdii/.ssh/id_rsa-cert type -1
debug1: identity file /home/qdii/.ssh/id_ecdsa type -1
debug1: identity file /home/qdii/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/qdii/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/qdii/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/qdii/.ssh/id_ed25519 type -1
debug1: identity file /home/qdii/.ssh/id_ed25519-cert type -1
debug1: identity file /home/qdii/.ssh/id_ed25519_sk type -1
debug1: identity file /home/qdii/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/qdii/.ssh/id_xmss type -1
debug1: identity file /home/qdii/.ssh/id_xmss-cert type -1
debug1: identity file /home/qdii/.ssh/id_dsa type -1
debug1: identity file /home/qdii/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.7
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.7 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.2.50:22 as 'qdii'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
Bad packet length 1231976033.
debug2: sshpkt_disconnect: sending SSH2_MSG_DISCONNECT: Packet corrupt
debug3: send packet: type 1
ssh_dispatch_run_fatal: Connection to 192.168.2.50 port 22: message authentication code incorrect

❯ firejail --trace=trace_local.txt /usr/bin/ssh -vvv $host
OpenSSH_9.7p1, OpenSSL 3.3.1 4 Jun 2024
debug1: Reading configuration data /home/qdii/.ssh/config
debug1: /home/qdii/.ssh/config line 118: Applying options for vrt
debug1: /home/qdii/.ssh/config line 145: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 2: Including file /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
debug3: /etc/ssh/ssh_config line 2: Including file /etc/ssh/ssh_config.d/ssh-audit-hardening.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/ssh-audit-hardening.conf
debug3: kex names ok: [sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256]
debug2: resolve_canonicalize: hostname 192.168.2.50 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/qdii/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/qdii/.ssh/known_hosts2'
debug1: auto-mux: Trying existing master at '/home/qdii/.ssh/qdii@192.168.2.50:22'
Control socket connect(/home/qdii/.ssh/qdii@192.168.2.50:22): Transport endpoint is not connected
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.2.50 [192.168.2.50] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.

** (process:5): CRITICAL **: 23:53:53.984: failed to allocate dbus proxy object: Could not connect: Permission denied
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
WARNING: Listing FAPI token objects failed: "tcti:IO failure"
Please see https://github.com/tpm2-software/tpm2-pkcs11/blob/1.9.0/docs/FAPI.md for more details
WARNING: FAPI backend was not initialized.

** (process:5): CRITICAL **: 23:53:53.986: failed to allocate dbus proxy object: Could not connect: Permission denied
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
ERROR: Could not initialize tpm ctx: 0x5
ERROR: Getting tokens from esysdb backend failed.
C_Initialize for provider /usr/lib/pkcs11/libtpm2_pkcs11.so failed: 5
debug1: identity file /home/qdii/.ssh/id_rsa type 0
debug1: identity file /home/qdii/.ssh/id_rsa-cert type -1
debug1: identity file /home/qdii/.ssh/id_ecdsa type -1
debug1: identity file /home/qdii/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/qdii/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/qdii/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/qdii/.ssh/id_ed25519 type -1
debug1: identity file /home/qdii/.ssh/id_ed25519-cert type -1
debug1: identity file /home/qdii/.ssh/id_ed25519_sk type -1
debug1: identity file /home/qdii/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/qdii/.ssh/id_xmss type -1
debug1: identity file /home/qdii/.ssh/id_xmss-cert type -1
debug1: identity file /home/qdii/.ssh/id_dsa type -1
debug1: identity file /home/qdii/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.7
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.7 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.2.50:22 as 'qdii'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
Connection reset by 192.168.2.50 port 22

[kmk3]

The original issue was about accessing the keys in the TPM, which should be
fixed by #6390.

As for issues arising from adding whitelisting, I'd suggest looking at the
output of --trace= to see what other paths libtss tries to access in
${HOME} and then try to whitelist those paths as well.

The libtss error messages unfortunately do not contain any paths, but it looks
like it might need access to dbus as well, so maybe ignore dbus-user none
could help.

[qdii]

True, the issue at hand is solved, I'll try with trace, and open another issue if it persists.