Comment 3 for bug 1686618

ubuntu@zlin42:~$ sudo sh -c "echo 'deb http://ports.ubuntu.com/ubuntu-ports $(lsb_release -sc)-proposed restricted main multiverse universe' >> /etc/apt/sources.list.d/proposed-repositories.list"
ubuntu@zlin42:~$ sudo apt -y update -qq
12 packages can be upgraded. Run 'apt list --upgradable' to see them.
ubuntu@zlin42:~$ apt list --upgradable
Listing... Done
linux-firmware/zesty-proposed 1.164.1 all [upgradable from: 1.164]
linux-generic/zesty-proposed 4.10.0.21.23 s390x [upgradable from: 4.10.0.20.22]
linux-headers-generic/zesty-proposed 4.10.0.21.23 s390x [upgradable from: 4.10.0.20.22]
linux-image-generic/zesty-proposed 4.10.0.21.23 s390x [upgradable from: 4.10.0.20.22]
linux-libc-dev/zesty-proposed 4.10.0-21.23 s390x [upgradable from: 4.10.0-20.22]
openssh-client/zesty-proposed 1:7.4p1-10ubuntu0.1 s390x [upgradable from: 1:7.4p1-10]
openssh-server/zesty-proposed 1:7.4p1-10ubuntu0.1 s390x [upgradable from: 1:7.4p1-10]
openssh-sftp-server/zesty-proposed 1:7.4p1-10ubuntu0.1 s390x [upgradable from: 1:7.4p1-10]
snap-confine/zesty-proposed 2.25+17.04 s390x [upgradable from: 2.24.1+17.04]
snapd/zesty-proposed 2.25+17.04 s390x [upgradable from: 2.24.1+17.04]
sosreport/zesty-proposed 3.4-1~ubuntu17.04.1 s390x [upgradable from: 3.3+git50-g3c0349b-2]
unattended-upgrades/zesty-proposed 0.93.1ubuntu2.1 all [upgradable from: 0.93.1ubuntu2]
ubuntu@zlin42:~$
###
ubuntu@zlin42:~$ sudo vi /etc/ssh/sshd_config
ubuntu@zlin42:~$ sudo systemctl restart sshd
ubuntu@zlin42:~$ apt-cache policy openssh-server
openssh-server:
  Installed: 1:7.4p1-10
  Candidate: 1:7.4p1-10ubuntu0.1
  Version table:
     1:7.4p1-10ubuntu0.1 500
        500 http://ports.ubuntu.com/ubuntu-ports zesty-proposed/main s390x Packages
 *** 1:7.4p1-10 500
        500 http://us.ports.ubuntu.com/ubuntu-ports zesty/main s390x Packages
        100 /var/lib/dpkg/status
ubuntu@zlin42:~$

me@WS:~$ ssh ubuntu@zlin42
ubuntu@zlin42's password:
Welcome to Ubuntu 17.04 (GNU/Linux 4.10.0-20-generic s390x)

 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.

Last login: Fri May 5 03:22:00 2017 from 10.172.66.66
ubuntu@zlin42:~$ exit
logout
Connection to zlin42 closed.
me@WS:~$

### activate hw crypto for ssl / ibmca engine
ubuntu@zlin42:~$ sudo vi /etc/ssl/openssl.cnf
# set: openssl_conf = openssl_def

ubuntu@zlin42:~$ openssl engine
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
ubuntu@zlin42:~$

### negative test - expecting the problem to occur

me@WS:~$ ssh ubuntu@zlin42
ubuntu@zlin42's password:
Connection to zlin42 closed by remote host.
Connection to zlin42 closed.
me@WS:~$

ubuntu@zlin42:~$ sudo apt install openssh-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  openssh-client openssh-sftp-server
Suggested packages:
  keychain libpam-ssh monkeysphere ssh-askpass molly-guard rssh
The following packages will be upgraded:
  openssh-client openssh-server openssh-sftp-server
3 upgraded, 0 newly installed, 0 to remove and 9 not upgraded.
Need to get 928 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://ports.ubuntu.com/ubuntu-ports zesty-proposed/main s390x openssh-sftp-server s390x 1:7.4p1-10ubuntu0.1 [38.0 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports zesty-proposed/main s390x openssh-server s390x 1:7.4p1-10ubuntu0.1 [316 kB]
Get:3 http://ports.ubuntu.com/ubuntu-ports zesty-proposed/main s390x openssh-client s390x 1:7.4p1-10ubuntu0.1 [574 kB]
Fetched 928 kB in 1s (722 kB/s)
Preconfiguring packages ...
(Reading database ... 134327 files and directories currently installed.)
Preparing to unpack .../openssh-sftp-server_1%3a7.4p1-10ubuntu0.1_s390x.deb ...
Unpacking openssh-sftp-server (1:7.4p1-10ubuntu0.1) over (1:7.4p1-10) ...
Preparing to unpack .../openssh-server_1%3a7.4p1-10ubuntu0.1_s390x.deb ...
Unpacking openssh-server (1:7.4p1-10ubuntu0.1) over (1:7.4p1-10) ...
Preparing to unpack .../openssh-client_1%3a7.4p1-10ubuntu0.1_s390x.deb ...
Unpacking openssh-client (1:7.4p1-10ubuntu0.1) over (1:7.4p1-10) ...
Processing triggers for ufw (0.35-4) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (232-21ubuntu3) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up openssh-client (1:7.4p1-10ubuntu0.1) ...
Setting up openssh-sftp-server (1:7.4p1-10ubuntu0.1) ...
Setting up openssh-server (1:7.4p1-10ubuntu0.1) ...
ubuntu@zlin42:~$

ubuntu@zlin42:~$ exit
logout
Connection to zlin42 closed.
me@WS:~$ ssh ubuntu@zlin42
ubuntu@zlin42's password:
Connection to zlin42 closed by remote host.
Connection to zlin42 closed.
me@WS:~$ ssh ubuntu@zlin42
ubuntu@zlin42's password:
Connection to zlin42 closed by remote host.
Connection to zlin42 closed.
me@WS:~$

ubuntu@zlin42:~$ sudo systemctl restart sshd

### positive test, expecting the problem to be solved

me@WS:~$ ssh ubuntu@zlin42
ubuntu@zlin42's password:
Connection to zlin42 closed by remote host.
Connection to zlin42 closed.
me@WS:~$

### test/verification failed! - problem still exists

ubuntu@zlin42:~$ sudo apt list openssh-server
Listing... Done
openssh-server/zesty-proposed,now 1:7.4p1-10ubuntu0.1 s390x [installed]
N: There is 1 additional version. Please use the '-a' switch to see it
ubuntu@zlin42:~$

ubuntu@zlin42:~$ sudo apt -a list openssh-server
Listing... Done
openssh-server/zesty-proposed,now 1:7.4p1-10ubuntu0.1 s390x [installed]
openssh-server/zesty 1:7.4p1-10 s390x

ubuntu@zlin42:~$

---

https://launchpad.net/ubuntu/+source/openssh/1:7.4p1-10ubuntu0.1

---

The workaround with:
ubuntu@s1lp15:~$ cat /etc/ssh/sshd_config | grep -i ^UsePrivilegeSeparation
UsePrivilegeSeparation yes

still works ...

Some further investigations needed ...