The ulimit problem appears to have reared its head again with openssh-1.2.3, under Red Hat Linux 6.1 (kernel-2.2.12, glibc-2.1.2, egcs-1.1.2, openssl-0.9.5, pam-0.68, pwdb-0.60): $ telnet localhost 22 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. SSH-1.5-OpenSSH-1.2.3 ^] telnet> quit Connection closed. $ ssh localhost Last login: Wed Mar 29 01:10:36 2000 from quipu.earth You have mail. ulimit: cannot raise limit: Operation not permitted ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Reading ~/.bashrc ... Reading ~/.profile ... today is Wed Mar 29 01:11:07 EST 2000 $ The error message is caused by the following line in /etc/profile: $ grep ulimit /etc/profile ulimit -c 1000000 $ With openssh-1.2.2 on the same system, the problem doesn't exhibit itself: $ telnet localhost 22 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. SSH-1.5-OpenSSH-1.2.2 ^] telnet> quit Connection closed. $ ssh localhost Last login: Wed Mar 29 01:11:05 2000 from quipu.earth You have mail. Reading ~/.bashrc ... Reading ~/.profile ... today is Wed Mar 29 01:18:30 EST 2000 $ The last time this happened, i solved the problem by putting an appropriate directive in /etc/security/limits.conf to allow core dumps: # grep '^[^#].*core' /etc/security/limits.conf @wheel hard core 1000000 # grep wheel /etc/group wheel:x:10:root,jmknoble This appears not to be working with openssh-1.2.3. Any ideas on what change could have caused this to resurface? -- jim knoble jmknoble at pobox.com
P? 2000-Mar-29 klokka 01:26:32 -0500 skrivet Jim Knoble:
: The ulimit problem appears to have reared its head again with
: openssh-1.2.3, under Red Hat Linux 6.1 (kernel-2.2.12, glibc-2.1.2,
: egcs-1.1.2, openssl-0.9.5, pam-0.68, pwdb-0.60):
[...]
: $ ssh localhost
: Last login: Wed Mar 29 01:10:36 2000 from quipu.earth
: You have mail.
: ulimit: cannot raise limit: Operation not permitted
: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Further info: openssh-1.2.3 appears to be ignoring /etc/pam.d/sshd.
The following pam file ought not to allow me to login via ssh:
#%PAM-1.0
auth required /lib/security/pam_deny.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_deny.so
session required /lib/security/pam_deny.so
Yet, i can still log in as though nothing were wrong. sshd appears to
be linked against the PAM libs:
# ldd /usr/sbin/sshd
libdl.so.2 => /lib/libdl.so.2 (0x40018000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4001c000)
libz.so.1 => /usr/lib/libz.so.1 (0x40032000)
libutil.so.1 => /lib/libutil.so.1 (0x40041000)
libpam.so.0 => /lib/libpam.so.0 (0x40044000)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0x4004c000)
libc.so.6 => /lib/libc.so.6 (0x400fd000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
And i'm certain i didn't build with '--without-pam':
$ grep -B 2 -A 7 '\./configure' openssh.jmk.spec
%build
CFLAGS="${RPM_OPT_FLAGS}" \
./configure \
--prefix="%{Prefix}" \
--sysconfdir="%{EtcDir}" \
--with-ipv4-default \
--with-tcp-wrappers \
--with-default-path="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
make
I'm mystified. Damien, can you confirm whether anything similar to
this is happening for you under RHL-6.1?
--
jim knoble
jmknoble at pobox.com