Bug#187558: ssh: log output of pam_limits.so in debug mode
Package: ssh
Version: 1:3.6.1p2-9
Followup-For: Bug #187558
On a system experiencing problems
Sep 23 15:59:36 milusia sshd[5334]: Accepted publickey for glaweh from
192.168.1.10 port 32869 ssh2
Sep 23 15:59:37 milusia ssh(pam_unix)[5338]: session opened for user
glaweh by (uid=1001)
Sep 23 15:59:37 milusia pam_limits[5338]: reading settings from
'/etc/security/limits.conf'
Sep 23 15:59:37 milusia pam_limits[5338]: setrlimit limit #6 to soft=-1,
hard=-1 failed: Operation not permitted; uid=1001 euid=1001
Sep 23 15:59:37 milusia sshd[5338]: fatal: PAM session setup failed[6]:
Permission denied
On a system without problems:
Sep 23 16:22:45 homer sshd[19217]: Accepted publickey for glaweh from
192.168.1.10 port 32876 ssh2
Sep 23 16:22:45 homer ssh(pam_unix)[19219]: session opened for user
glaweh by (uid=1000)
Sep 23 16:22:45 homer pam_limits[19219]: reading settings from
'/etc/security/limits.conf'
Sep 23 16:22:45 homer pam_limits[19219]: setrlimit limit #6 to soft=-1,
hard=-1 failed: Operation not permitted; uid=1000 euid=1000
so the same error occurs in PAM, but sshd doesn't fail.
Next step: diff of the sshd configuration:
--- sshd_config.homer.2 2003-09-23 17:01:42.000000000 +0200
+++ sshd_config.milusia.2 2003-09-23 17:01:53.000000000 +0200
@@ -1,18 +1,19 @@
HostbasedAuthentication no
HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
IgnoreRhosts yes
KeepAlive yes
KeyRegenerationInterval 3600
LoginGraceTime 600
LogLevel INFO
+PAMAuthenticationViaKbdInt no
PasswordAuthentication yes
PermitEmptyPasswords no
-PermitRootLogin no
+PermitRootLogin yes
Port 22
-PrintLastLog no
PrintMotd no
+Protocol 2
+PubkeyAuthentication yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
@@ -20,5 +21,6 @@
StrictModes yes
Subsystem sftp /usr/lib/sftp-server
SyslogFacility AUTH
+UsePrivilegeSeparation yes
X11DisplayOffset 10
X11Forwarding yes
Further experiments show:
Commenting out
+PAMAuthenticationViaKbdInt no
seems to solve the problem on host milusia.
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux bart.simpsons.bogus 2.6.0-test5-supermount #1 Tue Sep 9 22:57:09 UTC 2003 i686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8
Versions of packages ssh depends on:
ii adduser 3.51 Add and remove users and groups
ii debconf 1.3.14 Debian configuration management sy
ii libc6 2.3.2-8 GNU C Library: Shared libraries an
ii libpam-modules 0.76-14 Pluggable Authentication Modules f
ii libpam0g 0.76-14 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7b-2 SSL shared libraries
ii libwrap0 7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.1.4-15 compression library - runtime
-- debconf information excluded
Reply to: