Server Upgrade to Hardy causes ssh to fail on connect
I've just upgraded my server to hardy. Booted up all fine.
Attempted to ssh in. It showed the whole signon message and then cuts out with:
"Connection to 192.168.0.100 closed."
This happens the instant it connects.
Using webmin, I have found this in auth.log:
May 20 18:51:53 fileserver1 sshd[6237]: Connection from 192.168.0.102 port 46872
May 20 18:51:53 fileserver1 sshd[6237]: PAM unable to dlopen(
May 20 18:51:53 fileserver1 sshd[6237]: PAM [error: /lib/security/
May 20 18:51:53 fileserver1 sshd[6237]: PAM adding faulty module: /lib/security/
May 20 18:51:53 fileserver1 sshd[6237]: PAM unable to dlopen(
May 20 18:51:53 fileserver1 sshd[6237]: PAM [error: /lib/security/
May 20 18:51:53 fileserver1 sshd[6237]: PAM adding faulty module: /lib/security/
May 20 18:51:53 fileserver1 sshd[6237]: Found matching RSA key: 31:7f:21:
May 20 18:51:53 fileserver1 sshd[6237]: Found matching RSA key: 31:7f:21:
May 20 18:51:53 fileserver1 sshd[6237]: Accepted publickey for andrew from 192.168.0.102 port 46872 ssh2
May 20 18:51:53 fileserver1 sshd[6239]: pam_unix(
May 20 18:51:53 fileserver1 sshd[6239]: error: PAM: pam_open_session(): Module is unknown
May 20 18:51:53 fileserver1 sshd[6239]: Connection closed by 192.168.0.102
May 20 18:51:53 fileserver1 sshd[6239]: Closing connection to 192.168.0.102
Does anyone have any ideas?
Question information
- Language:
- English Edit question
- Status:
- Solved
- For:
- Ubuntu openssh Edit question
- Assignee:
- No assignee Edit question
- Solved by:
- peterh
- Solved:
- 2008-11-02
- Last query:
- 2008-11-02
- Last reply:
- 2008-09-11
| Andrew Gee (andrewgee) said : | #1 |
I've managed to be able to login by changing the chroot PAM module to optional on webmin. I'm not sure if this is a security risk to remain unloaded, however.
Can someone help me in getting the chroot module working?
|
|
#2 |
recompile libpam_chroot with following patch
--- Makefile.orig 2008-06-04 11:57:39.000000000 +0200
+++ Makefile 2008-06-04 11:57:42.000000000 +0200
@@ -1,7 +1,7 @@
# $Id: Makefile,v 1.1.1.1 2004/05/05 00:07:47 schmolli Exp $
CC=gcc
-CFLAGS=-fPIC -O2 -Wall -Werror -pedantic
+CFLAGS=-fPIC -O2 -Wall -Werror -pedantic -fno-stack-
CPPFLAGS=-I.
LDFLAGS=-x --shared -lpam
DESTDIR=/
| Adam Bolte (boltronics) said : | #3 |
This patch appears to correct the problem for me (Ubuntu server 8.04.1, i686). Thanks!
Now on to the next problem.
sshd[4471]: fatal: ssh_selinux_
Bug 237557 it seems. This chroot business on Hardy is not easy...
| Andrew Gee (andrewgee) said : | #4 |
Thanks peterh, that solved my question.
| asphalt (asphalt123) said : | #5 |
Hello Experts,
i have the same problem, but i don't now how can i patch ibpam_chroot in ubuntu.
Can maybe helb me?
thx
| peterh (peter-holik) said : | #6 |
apt-get source libpam_chroot
sudo apt-get build-dep libpam-chroot
cd libpam_chroot...
change Makefile
dpkg-buildpackage -uc -us
cd ..
sudo dpkg -i libpam-
| asphalt (asphalt123) said : | #7 |
thx for your workout, but i can't login. the error messages are away.
this is my log in auth.log
Nov 12 16:00:52 esel sshd[13180]: Accepted password for gast from xxx.xxx.xxx.xxx port 3504 ssh2
Nov 12 16:00:52 esel sshd[13182]: pam_unix(
Nov 12 16:00:52 esel pam_chroot[13182]: session: reading config file (/etc/security/
Nov 12 16:00:52 esel pam_chroot[13182]: session: expanded path "/home/chroot" -> "/home/chroot"
Nov 12 16:00:52 esel pam_chroot[13182]: session: found chroot_dir "/home/chroot" for user "gast"
Nov 12 16:00:52 esel pam_chroot[13182]: session: preparing to chroot()
do you have an idea?
| peterh (peter-holik) said : | #8 |
My logs are:
Nov 12 16:16:59 XXX pam_chroot[1103]: session: reading config file (/etc/security/
Nov 12 16:16:59 XXX pam_chroot[1103]: session: expanded path "/var/chroot/sshd" -> "/var/chroot/sshd"
Nov 12 16:16:59 XXX pam_chroot[1103]: session: chroot(
Nov 12 16:16:59 XXX pam_chroot[1103]: session: found chroot_dir "/var/chroot/sshd" for user "gast"
Nov 12 16:16:59 XXX pam_chroot[1103]: session: returning success
Nov 12 16:16:59 XXX pam_chroot[1103]: session: preparing to chroot()
cat /etc/security/
gast /var/chroot/sshd
Does /home/chroot exist?
Did you build a chroot with libpam-
| asphalt (asphalt123) said : | #9 |
cat /etc/security/
gast /home/chroot
/home/chroot does exist
maybe here is an mistake, this are entries from a sooner ubuntu version
in orig /etc/passwd
gast:x:
and in /home/chroot/
gast:x:
| peterh (peter-holik) said : | #10 |
no mistake, i've also the same user in both /etc/passwd's
do you have this directories
/home/chroot/bin
/home/chroot/dev
/home/chroot/etc
/home/chroot/home
/home/chroot/lib
/home/chroot/proc
/home/chroot/usr
also with some files like
/home/chroot/
/home/chroot/
| peterh (peter-holik) said : | #11 |
no mistake, i've also the same user in both /etc/passwd's
do you have these directories
/home/chroot/bin
/home/chroot/dev
/home/chroot/etc
/home/chroot/home
/home/chroot/lib
/home/chroot/proc
/home/chroot/usr
also with some files like
/home/chroot/
/home/chroot/
| asphalt (asphalt123) said : | #12 |
yes, i have all this files. i need the chroot for remoie ssh access.
you too? do you have also ubuntu 8.04?
| peterh (peter-holik) said : | #13 |
yes
I suggest running sshd -ddd on the server side to get clear messages (with ssh stopped before)
| asphalt (asphalt123) said : | #14 |
what do you mean with ssh -ddd?
i checked my files in chroot directory and i saw that the file libc-2.7.so is not here
/tls │ 72│12. Nov 18.07 ●
libacl.so.1 │ 22544│12. Nov 18.18 ▒
libattr.so.1 │ 13592│12. Nov 18.18 ▒
libcom_err.so.2 │ 7444│12. Nov 18.18 ▒
libkeyutils.so.1 │ 5644│12. Nov 18.18 ▒
libncurses.so.5 │ 190584│12. Nov 18.18 ▒
libselinux.so.1
