Recently I decided to buy a NanoPi R5S to use as a router, and, instead of using their default build which is based off OpenWRT called FriendlyWRT, I opted to use the regular OpenWRT.
However, since there's no mainline support for it yet, I opted to go with this fork, which does seem to work without problems for the most part.
Did my own build, managed to boot it, toyed around a bit and finally decided to replace the default dropbear SSH server with OpenSSH to have more features. As soon as I tried to connect with a password, I got a funky error on the client side. The relevant log lines from the client side with -vvv are shown below:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@192.168.2.1's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
Authenticated to 192.168.2.1 ([192.168.2.1]:22) using "password".
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: filesystem
debug3: send packet: type 1
client_loop: send disconnect: Broken pipe
And here are the logs from the server-side:
Sat Aug 5 23:29:07 2017 auth.info sshd[6449]: Server listening on 0.0.0.0 port 22.
Sat Aug 5 23:29:07 2017 auth.info sshd[6449]: Server listening on :: port 22.
Sat Aug 5 23:29:16 2017 auth.info sshd[6483]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Sat Aug 5 23:29:16 2017 auth.info sshd[6483]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Sat Aug 5 23:29:16 2017 auth.info sshd[6483]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Sat Aug 5 23:29:17 2017 auth.info sshd[6483]: Accepted password for root from 192.168.2.10 port 40942 ssh2
Sat Aug 5 23:29:17 2017 auth.crit sshd[6483]: fatal: ssh_sandbox_violation: unexpected system call (arch:0xc00000b7,syscall:66 @ 0xffff894f2370) [preauth]
Sat Aug 5 23:29:17 2017 auth.crit sshd[6483]: fatal: privsep_preauth: preauth child exited with status 1
For what it's worth, I tried both building OpenSSH within the build itself, and also trying to download it from the official repos; both led to the same error.
I'm not really sure if this is a problem with OpenSSH itself, with the Linux build I did, or something else, so any ideas are more than welcome. If this is not the best place to ask about this issue, a tip on where it'd better fit is also welcome.
So far I tried different kernel versions (6.0, 6.1 and the current RC for 6.2) to no avail.
I looked into the OpenSSH source, and it seems that this error stems from this function, which led me to trying to disable seccomp and SELinux in my build. Any combination of those being enabled/disabled didn't work.
I found two other issues (this and this) that may be somewhat related, which were solved by changing the UsePrivilegeSeparation sshd config parameter, however this parameter has been deprecated now, so it doesn't work either.
For the sake of it, I tried disabling and enabling random SSL/TLS related stuff in my build, however it didn't change anything either.
A possible solution would be to try to do a different build of OpenSSH, however this would imply me either setting up a cross-compiling toolchain and building a static binary on my desktop (which would require more time than I have available) or setting up a toolchain on the device itself, which I believe would be unbearably slow and also require some effort that I'm not sure is worth it, since the problem may lie elsewhere.
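The arch and syscall fields of the ssh_sandbox_violation line in the server log above can be decoded to see which call the preauth child made. This is an added example, not part of the original post or of OpenSSH; the function name is hypothetical and the tables are short excerpts typed from the Linux headers (linux/audit.h, linux/elf-em.h and the per-architecture syscall tables), to be extended for other targets.

```python
import re

# AUDIT_ARCH_* values are an ELF machine number OR'ed with flag bits (linux/audit.h).
AUDIT_ARCH_64BIT = 0x80000000
AUDIT_ARCH_LE = 0x40000000
ELF_MACHINES = {3: "i386", 40: "arm", 62: "x86_64", 183: "aarch64"}

# Excerpts only: syscall numbers are per-architecture, so the same number
# names a different call on a different machine.
SYSCALLS = {
    "aarch64": {63: "read", 64: "write", 65: "readv", 66: "writev"},
    "x86_64": {0: "read", 1: "write", 19: "readv", 20: "writev", 66: "semctl"},
}

VIOLATION = re.compile(
    r"ssh_sandbox_violation: unexpected system call "
    r"\(arch:(0x[0-9a-fA-F]+),syscall:(\d+) @ (0x[0-9a-fA-F]+)\)"
)

def decode_violation(line):
    """Return the decoded fields of a sandbox violation line, or None."""
    m = VIOLATION.search(line)
    if m is None:
        return None
    arch = int(m.group(1), 16)
    nr = int(m.group(2))
    em = arch & 0xFFFF  # low bits carry the ELF machine number
    machine = ELF_MACHINES.get(em, "unknown(EM=%d)" % em)
    return {
        "machine": machine,
        "bits": 64 if arch & AUDIT_ARCH_64BIT else 32,
        "little_endian": bool(arch & AUDIT_ARCH_LE),
        "syscall_nr": nr,
        "syscall": SYSCALLS.get(machine, {}).get(nr, "unknown"),
    }

# The fatal line from the server log in the post.
SAMPLE = ("Sat Aug 5 23:29:17 2017 auth.crit sshd[6483]: fatal: "
          "ssh_sandbox_violation: unexpected system call "
          "(arch:0xc00000b7,syscall:66 @ 0xffff894f2370) [preauth]")

if __name__ == "__main__":
    print(decode_violation(SAMPLE))
```

For the line in the post this reports a 64-bit little-endian aarch64 process calling writev, which is the call to look for when comparing against the sandbox's allowed list.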