[Bug 228065] New: connect via ssh impossible due to pam error
https://bugzilla.novell.com/show_bug.cgi?id=228065 Summary: connect via ssh impossible due to pam error Product: openSUSE 10.2 Version: Final Platform: x86-64 OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: suse@rauch-webdesign.de QAContact: qa@suse.de I am not possible to connect to my box via ssh. Following errors come up in /var/log/messages on trying to connect via WinSCP: Dec 12 22:13:37 hellmsklamm sshd[29088]: Accepted keyboard-interactive/pam for rauch from 192.168.0.150 port 1055 ssh2 Dec 12 22:13:37 hellmsklamm sshd[29094]: pam_loginuid(sshd:session): set_loginuid failed opening loginuid Dec 12 22:13:37 hellmsklamm sshd[29094]: pam_loginuid(sshd:session): set_loginuid failed Dec 12 22:13:37 hellmsklamm sshd[29094]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session Dec 12 22:13:37 hellmsklamm sshd[29094]: subsystem request for sftp Dec 12 22:15:01 hellmsklamm /usr/sbin/cron[29112]: pam_loginuid(crond:session): set_loginuid failed opening loginuid Dec 12 22:15:01 hellmsklamm /usr/sbin/cron[29112]: pam_loginuid(crond:session): set_loginuid failed Dec 12 22:15:01 hellmsklamm /usr/sbin/cron[29112]: Cannot make/remove an entry for the specified session These errors come up when trying to connect from another suse box via plain ssh: Dec 12 22:25:16 hellmsklamm sshd[29208]: Accepted publickey for rauch from 192.168.0.1 port 52669 ssh2 Dec 12 22:25:41 hellmsklamm sshd[29233]: Accepted publickey for rauch from 192.168.0.1 port 52670 ssh2 Dec 12 22:25:41 hellmsklamm sshd[29238]: pam_loginuid(sshd:session): set_loginuid failed opening loginuid Dec 12 22:25:41 hellmsklamm sshd[29238]: pam_loginuid(sshd:session): set_loginuid failed Dec 12 22:25:41 hellmsklamm sshd[29238]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session The connection is closed immediately in both cases. Editing /etc/pam.d/sshd and commenting out the following line: session required pam_loginuid.so fixes the issue. pam_loginuid.so is installed by package pam-0.99.6.3 and exists here: hellmsklamm:~ # dir /lib64/security/pam_loginuid.so -rwxr-xr-x 1 root root 10488 25. Nov 12:59 /lib64/security/pam_loginuid.so -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 meissner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@novell.com Status|NEW |NEEDINFO Info Provider| |suse@rauch-webdesign.de ------- Comment #1 from meissner@novell.com 2006-12-12 14:51 MST ------- what kernel do you use? ours? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 suse@rauch-webdesign.de changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|suse@rauch-webdesign.de | ------- Comment #2 from suse@rauch-webdesign.de 2006-12-12 14:59 MST ------- Yes, I do. rpm -qa | grep kernel kernel-source-2.6.18.2-34 linux-kernel-headers-2.6.18.2-3 kernel-default-2.6.18.2-34 uname -a Linux hellmsklamm 2.6.18.2-34-default #1 SMP Mon Nov 27 11:46:27 UTC 2006 x86_64 x86_64 x86_64 GNU/Linux -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #3 from meissner@novell.com 2006-12-12 15:08 MST ------- is /proc mounted? and exist /proc/<pid>/loginuid files? any special chroot magic? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #4 from suse@rauch-webdesign.de 2006-12-12 15:13 MST ------- Yes, /proc is mounted and loginuid exists with a 0 filesize (I am not logged in via ssh from anywhere now if that matters). No chrooting, just plain setup via mini-iso (installed vmware-server on this install afterwards, if this is of interest) ls -l /proc/29083 dr-xr-xr-x 2 root root 0 12. Dez 23:09 attr -r-------- 1 root root 0 12. Dez 23:09 auxv -r--r--r-- 1 root root 0 12. Dez 23:09 cmdline -r--r--r-- 1 root root 0 12. Dez 23:09 cpuset lrwxrwxrwx 1 root root 0 12. Dez 23:09 cwd -> / -r-------- 1 root root 0 12. Dez 23:09 environ lrwxrwxrwx 1 root root 0 12. Dez 22:13 exe -> /usr/sbin/sshd dr-x------ 2 root root 0 12. Dez 23:09 fd -rw-r--r-- 1 root root 0 12. Dez 23:09 loginuid -r--r--r-- 1 root root 0 12. Dez 23:09 maps -rw------- 1 root root 0 12. Dez 23:09 mem -r--r--r-- 1 root root 0 12. Dez 23:09 mounts -r-------- 1 root root 0 12. Dez 23:09 mountstats -r--r--r-- 1 root root 0 12. Dez 23:09 numa_maps -rw-r--r-- 1 root root 0 12. Dez 23:09 oom_adj -r--r--r-- 1 root root 0 12. Dez 23:09 oom_score lrwxrwxrwx 1 root root 0 12. Dez 23:09 root -> / -rw------- 1 root root 0 12. Dez 23:09 seccomp -r--r--r-- 1 root root 0 12. Dez 23:09 smaps -r--r--r-- 1 root root 0 12. Dez 22:13 stat -r--r--r-- 1 root root 0 12. Dez 22:13 statm -r--r--r-- 1 root root 0 12. Dez 23:09 status dr-xr-xr-x 3 root root 0 12. Dez 23:09 task -r--r--r-- 1 root root 0 12. Dez 23:09 wchan -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #5 from meissner@novell.com 2006-12-13 00:23 MST ------- i am puzzled a bit and am out of ideas :/ regular ssh logins work? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #6 from suse@rauch-webdesign.de 2006-12-13 00:28 MST ------- No. see initial report (second part "These errors come up when trying to connect from another suse box via plain ssh:"). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 chrubis@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team- |anicka@novell.com |screening@forge.provo.novell| |.com | Status|ASSIGNED |NEW -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 anicka@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |suse@rauch-webdesign.de ------- Comment #7 from anicka@novell.com 2006-12-14 03:52 MST ------- Please attach ssh -vvv verbose output, sshd debug output, /etc/ssh/sshd_config and /etc/pam.d/sshd config files. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 suse@rauch-webdesign.de changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Info Provider|suse@rauch-webdesign.de | Resolution| |WORKSFORME ------- Comment #9 from suse@rauch-webdesign.de 2006-12-14 04:28 MST ------- just reverted my change to /etc/pam.d/sshd to do so and it seems to work now, but don't ask me why... I have absolutely no idea. I installed all incoming patches yesterday and powered of my machine over night, maybe this has fixed some things? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 wolfgang@rosenauer.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WORKSFORME | ------- Comment #10 from wolfgang@rosenauer.org 2007-01-02 04:07 MST ------- The same happens to me now. It started just while the machine was running. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 wolfgang@rosenauer.org changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Normal |Critical ------- Comment #11 from wolfgang@rosenauer.org 2007-01-02 04:10 MST ------- A not-trustworth SSH access is critical IMHO. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 wolfgang@rosenauer.org changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|anicka@novell.com |mc@novell.com Status|REOPENED |NEW ------- Comment #12 from wolfgang@rosenauer.org 2007-01-02 05:43 MST ------- Reassigning to PAM maintainer. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #13 from wolfgang@rosenauer.org 2007-01-02 06:02 MST ------- tracked down to: open("/proc/self/loginuid", O_WRONLY|O_TRUNC|O_NOFOLLOW) = -1 EROFS (Read-only file system) Hygiea:~ # mount proc on /proc type proc (rw) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #14 from wolfgang@rosenauer.org 2007-01-02 06:06 MST ------- So it's probably a kernel issue instead a pam_loginuid one. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #15 from wolfgang@rosenauer.org 2007-01-02 06:09 MST ------- Hygiea:~ # rpm -q kernel-default kernel-default-2.6.18.2-34 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 wolfgang@rosenauer.org changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Basesystem |Kernel ------- Comment #17 from wolfgang@rosenauer.org 2007-01-02 06:24 MST ------- OK, it definitely kernel: Hygiea:~ # echo 0 > /proc/sys/net/ipv4/ip_forward -bash: /proc/sys/net/ipv4/ip_forward: Das Dateisystem ist nur lesbar Please note that I haven't changed anything and can't find anything about it in dmesg. Hygiea:/proc # cat mounts rootfs / rootfs rw 0 0 udev /dev tmpfs rw 0 0 /dev/sda5 / ext3 rw,data=ordered 0 0 proc /proc proc ro 0 0 sysfs /sys sysfs rw 0 0 debugfs /sys/kernel/debug debugfs rw 0 0 devpts /dev/pts devpts rw 0 0 /dev/md0 /home reiserfs rw 0 0 /dev/sdb2 /local reiserfs rw 0 0 Something on this machine switched /proc to read-only but for sure not me. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 wolfgang@rosenauer.org changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|connect via ssh impossible |connect via ssh impossible due to pam error |due to pam error |caused by read-only /proc -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #18 from meissner@novell.com 2007-01-04 05:14 MST ------- anmything suspicious in "dmesg" ? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #19 from wolfgang@rosenauer.org 2007-01-04 05:29 MST ------- sorry, I've missed to write it here but there was absolutely nothing in dmesg -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #20 from wolfgang@rosenauer.org 2007-01-20 05:48 MST ------- It just happened again for me. Again I have no clue what caused it. I just was reading some mails and building an RPM and at some point I wanted to switch the X user and wasn't able to login again. Something is going on. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 andreas.hanke@gmx-topmail.de changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |andreas.hanke@gmx-topmail.de ------- Comment #21 from andreas.hanke@gmx-topmail.de 2007-01-20 06:18 MST ------- (In reply to comment #20)
I just was reading some mails and building an RPM
That's it. It's a bug in "build". See bug 236216. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 meissner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Comment #22 from meissner@novell.com 2007-01-20 09:16 MST ------- *** This bug has been marked as a duplicate of bug 236216 *** -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #23 from andreas.hanke@gmx-topmail.de 2007-01-20 09:50 MST ------- I'm not sure that this is really a duplicate. Bug 236216 is about the fact that once /proc somehow got remounted read-only, there are some problems. But the root cause of these problems is that "build" remounts /proc read-only. IMHO you should consider releasing a patched build.rpm for affected distributions (those which have a kernel that is recent enough so that it becomes an actual problem). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 mc@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|DUPLICATE | ------- Comment #24 from mc@novell.com 2007-01-22 03:23 MST ------- I reopen this bug, because of the reason above. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 mc@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|meissner@novell.com |mls@novell.com Status|REOPENED |NEW ------- Comment #25 from mc@novell.com 2007-01-22 03:24 MST ------- Reassign to mls: Please fix build.rpm -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 judas_iscariote@shorewall.net changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |judas_iscariote@shorewall.net ------- Comment #26 from judas_iscariote@shorewall.net 2007-02-01 18:02 MST ------- there is now an updated build.rpm in the buildservice. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #27 from poeml@novell.com 2007-02-05 08:16 MST ------- But, does it fix the bug? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 ------- Comment #28 from suse@rauch-webdesign.de 2007-02-05 08:29 MST ------- I just updated to the build-2007.01.26-13.1 from the buildservice and the error does not occur after running an build, so I assume it's fixed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=228065 poeml@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Comment #29 from poeml@novell.com 2007-02-13 01:36 MST ------- Then I conclude that the bug is fixed, and can be resolved as such. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com