Hi,

I am using sshd version OpenSSH_3.6.1p2. I am facing a very vague problem when I run the sshd server and try to connect to it.

When I run sshd in debug mode [./sshd -ddd] I am able to connect to it and everything functions very well, but when I run it as [./sshd] and try to connect to it, the connection hangs, creating a defunct process.

The entries in the process table are:

    25571 ?        S      0:00 sshd: admin [priv]
    25573 ?        Z      0:00 [sshd <defunct>]

I have a proprietary PAM module which hooks my authentication mechanism into sshd. Based upon my PAM module logs and the sshd debug messages I can say that authentication went smoothly and it returned PAM_SUCCESS to do_pam_authenticate. After this the shell just hangs.

I can see this error in /var/log/messages when run either by [./sshd -ddd] or [./sshd]:

    PAM [dlerror: /lib/security/$ISA/pam_deny.so: cannot open shared object file: No such file or directory]

My /etc/pam.d/sshd looks like this:

    #%PAM-1.0
    auth       sufficient   /scratch/Chidanand/bagini-p2/lib/pam_test.so
    account    required     /scratch/Chidanand/bagini-p2/lib/pam_test.so
    password   required     pam_stack.so service=system-auth
    session    required     /scratch/Chidanand/bagini-p2/lib/pam_test.so

I am confused by this problem; can anyone help me to nail down this issue?

--
Thanks,
Chidanand Gangur
Pune.

On Tue, May 10, 2005 at 07:55:53PM +0530, Chidanand Gangur wrote:
> I am confused with this problem, can any one help me to nail down
> this issue.

Is the problem repeatable when you run ./sshd -D ?

If it is, you can run sshd under strace/ktrace/truss/similar to get a
thorough view of what is going on.

//Peter

When started with strace, SSHD waits in a select loop. I have placed various log messages in the sshd source code. What I can see is that after calling the do_pam_converse function from the do_pam_account function, sshd does nothing; that is, it creates a zombie.

On 5/10/05, Peter Stuge <stuge-openssh-unix-dev at cdy.org> wrote:
> On Tue, May 10, 2005 at 07:55:53PM +0530, Chidanand Gangur wrote:
> > I am confused with this problem, can any one help me to nail down
> > this issue.
>
> Is the problem repeatable when you run ./sshd -D ?
>
> If it is, you can run sshd under strace/ktrace/truss/similar to get a
> thorough view of what is going on.
>
> //Peter
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>

--
Chidanand Gangur
Pune.

I have tried various options: upgrading PAM, tweaking configuration files here and there, and going through the SSHD code, but have yet failed to resolve the problem. What is wrong in my configuration? Is this problem related to the libraries to which SSHD links? Please give me some clue.

Thanks,
Chidanand

On 5/11/05, Peter Stuge <stuge-openssh-unix-dev at cdy.org> wrote:
> On Wed, May 11, 2005 at 11:41:44AM +0530, Chidanand Gangur wrote:
> > I tried to trace SSHD using strace -fF as said before SSHd waits in
> > select loop. When i connect I do not get login prompt to proceed
> > further.
>
> Ah, ok, I understand. And what are the last 100 or so lines of output
> at that point?
>
>
> //Peter
>

--
Chidanand Gangur
Pune.

Chidanand Gangur wrote:
> I have tried various options upgrading PAM
> tweaking configuration files here and there
> went through the SSHD code

3.6.1p2 is a couple of years old and the PAM code in sshd has been significantly changed (improved, I hope :-). Did you build it from source yourself?

What does the debug output from sshd give (ie "/path/to/sshd -ddde") for one of the problem connections?

Does the problem occur with sshd from OpenSSH-4.0p1?

> but yet failed to resolve the problem. What is wrong in my
> configuration ?? is this problem related to libraries ? to which SSHD
> links? Please give me some clue.

Could be anything. When you mentioned "proprietary PAM module" you entered the realm of "there be dragons".

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

You are right, Darren, I have built SSHD from source code. My only concern is, as mentioned before, that everything goes well when I run SSHD in debug mode [./sshd -ddd]. I face the problem when I run it as a service [./sshd].

Regarding my PAM module, I am not doing anything great in it. I have my implementation of pam_sm_authenticate; the rest of the pam_sm_* functions are empty, that is, they just return PAM_SUCCESS. And from the logs in SSHD, the PAM module and the rest of the programs I can make out that the user was authenticated and a success was sent to SSHD.

Now I am planning to put function entry and function exit logs in all of the sshd code so that I can see what actually went wrong. Is there any other method to achieve this?

Thanks,
Chidanand

On 5/12/05, Darren Tucker <dtucker at zip.com.au> wrote:
> Chidanand Gangur wrote:
> > I have tried various options upgrading PAM
> > tweaking configuration files here and there
> > went through the SSHD code
>
> 3.6.1p2 is a couple of years old and the PAM code in sshd has been
> significantly changed (improved, I hope :-). Did you build it from
> source yourself?
>
> What does the debug output from sshd give (ie "/path/to/sshd -ddde") for
> one of the problem connections?
>
> Does the problem occur with sshd from OpenSSH-4.0p1?
>
> > but yet failed to resolve the problem. What is wrong in my
> > configuration ?? is this problem related to libraries ? to which SSHD
> > links? Please give me some clue.
>
> Could be anything. When you mentioned "proprietary PAM module" you
> entered the realm of "there be dragons".
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>

--
Chidanand Gangur
Pune.

On Thu, May 12, 2005 at 07:29:45PM +0530, Chidanand Gangur wrote:
> you are right Darren I have built the SSHD from source code. My
> only concern is as mentioned before every thing goes well when i
> run SSHD in debug mode [./sshd -ddd] . I face problem when i run it
> as service. [./sshd].

How about ./sshd -D ?

//Peter

Hi Damien Miller,

I accept your disguize, but I really thought this was a mailing list which could help me to solve the problem.

The changes in the SSHD code are only in one file, i.e. session.c, and that too is a very simple change. The change is just setting an environment variable which is just an integer. I am using the child_set_env function to achieve it.

The main problem is that the behaviour changes from machine to machine. On some machines I get the errors:

    PAM faulty module pam_test.so
    PAM unable to dlopen pam_test.so
    PAM unable to dlopen pam_deny.so

On some machines everything goes fine end to end, and surprisingly all the machines are standard RH 9 machines. Am I missing some configuration? I haven't changed the standard sshd_config file. I have tweaked nsswitch.conf and the /etc/pam.d/sshd file.

Thanks,
Chidanand

On 5/13/05, Damien Miller <djm at mindrot.org> wrote:
> Chidanand Gangur wrote:
> > Darren I haven't checked with the latest version ... I have made few
> > changes in sshd code too and few of my colleagues also share the same
> > SSHD version, I will surely try out OpenSSH-4.0p1?
>
> So,
>
> you use a old ssh version,
>
> to which you have made unspecified changes,
>
> on top of that you use a custom, unreleased PAM module,
>
> and you expect us to be willing and able to help you?
>
> Come on - if you are going to make changes to the code, then you have to
> be ready to fix on your own it when it breaks.
>
> -d
>

--
Chidanand Gangur
Pune.

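An added example, not part of any message in the thread: one way to compare machines that disagree about "unable to dlopen" is to resolve every module named in the PAM service file and check that the shared object is readable. The sample text is constructed from the /etc/pam.d/sshd quoted in the first message; the default module directory and the value substituted for `$ISA` are assumptions that vary between Linux-PAM builds, and the function names are hypothetical.

```python
import os
import re

# Constructed sample modelled on the /etc/pam.d/sshd quoted in the thread.
SAMPLE = """\
#%PAM-1.0
auth     sufficient /scratch/Chidanand/bagini-p2/lib/pam_test.so
account  required   /scratch/Chidanand/bagini-p2/lib/pam_test.so
password required   pam_stack.so service=system-auth
session  required   /scratch/Chidanand/bagini-p2/lib/pam_test.so
"""

# type, control (a single word or a [bracketed list]), module path
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def module_paths(text, module_dir="/lib/security", isa="."):
    """Yield (lineno, type, resolved_path) for every module line.

    module_dir and isa are assumptions: the default module directory and the
    value substituted for $ISA differ between builds of Linux-PAM.
    """
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = LINE.match(line)
        if not m or m.group(2) in ("include", "substack"):
            continue  # blank, comment, or a reference to another service file
        path = m.group(3).replace("$ISA", isa)
        if not os.path.isabs(path):
            path = os.path.join(module_dir, path)  # bare names use the default dir
        yield n, m.group(1), os.path.normpath(path)

def unloadable(text, readable=lambda p: os.access(p, os.R_OK), **kw):
    """Return module lines whose shared object is missing or unreadable."""
    return [(n, t, p) for n, t, p in module_paths(text, **kw) if not readable(p)]

if __name__ == "__main__":
    for n, t, p in unloadable(SAMPLE):
        print(f"line {n} ({t}): cannot read {p}")
```

This only checks that each file is present and readable by the user running the script; dlopen can also fail when the module's own library dependencies are missing, which `ldd` on the module will show.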