With OpenSSH 2.9.9p2 as the server, I'm not able to do scp or "ssh machinename command" in general to any of my Suns!

I tracked this down a bit; the problem occurs only when PAM support is enabled. However, if I remove line 430 of session.c, "do_pam_session(s->pw->pw_name, NULL);" inside of do_exec_no_pty, the problem goes away.

It looks like the following entry in the Changelog may be responsible:

20010627
 - (djm) Reintroduce pam_session call for non-pty sessions.

Let me know if you need any additional info to track this down.

Thanks,

Brent Nelson
Director of Computing
Dept. of Physics
University of Florida

Brent A Nelson wrote:
>
> With OpenSSH 2.9.9p2 as the server, I'm not able to do scp or "ssh
> machinename command" in general to any of my Suns!
>
> I tracked this down a bit; the problem occurs only when PAM support is
> enabled. However, if I remove line 430 of session.c,
> "do_pam_session(s->pw->pw_name, NULL);" inside of do_exec_no_pty, the
> problem goes away.
>
> It looks like the following entry in the Changelog may be responsible:
>
> 20010627
> - (djm) Reintroduce pam_session call for non-pty sessions.
>
> Let me know if you need any additional info to track this down.

What happens if you define PAM_TTY_KLUDGE and recompile?

There are a number of bugs in some PAM modules (pam_time.so notably) where they really object when you don't give them a TTY. This define just makes OpenSSH give 'ssh' as the tty.

(The OpenSSH team are really in a bind here, as they have one group of people - like me - who want those session modules used, and another group for whom it locks them out. As you noted the previous version changed in your favor, but it was changed back on complaints from other users and a 'discussion' on BugTraq).

Hope this helps,

Andrew Bartlett

--
Andrew Bartlett                                 abartlet at pcug.org.au
Samba Team member, Build Farm maintainer        abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

On 09/28/01 01:24 PM, Brent A Nelson wrote:
> With OpenSSH 2.9.9p2 as the server, I'm not able to do scp or "ssh
> machinename command" in general to any of my Suns!

Me too.

> I tracked this down a bit; the problem occurs only when PAM support is
> enabled. However, if I remove line 430 of session.c,
> "do_pam_session(s->pw->pw_name, NULL);" inside of do_exec_no_pty, the
> problem goes away.
>
> It looks like the following entry in the Changelog may be responsible:
>
> 20010627
> - (djm) Reintroduce pam_session call for non-pty sessions.
>
> Let me know if you need any additional info to track this down.

FYI. If pam_unix is used then at least one of PAM_TTY or PAM_RHOST must be set before calling pam_open_session or it's considered a PAM_SESSION_ERR.

Cheers!
greg