
Bug#187558: ssh: log output of pam_limits.so in debug mode



Package: ssh
Version: 1:3.6.1p2-9
Followup-For: Bug #187558


On a system experiencing problems:
Sep 23 15:59:36 milusia sshd[5334]: Accepted publickey for glaweh from
  192.168.1.10 port 32869 ssh2
Sep 23 15:59:37 milusia ssh(pam_unix)[5338]: session opened for user
  glaweh by (uid=1001)
Sep 23 15:59:37 milusia pam_limits[5338]: reading settings from
  '/etc/security/limits.conf'
Sep 23 15:59:37 milusia pam_limits[5338]: setrlimit limit #6 to soft=-1,
  hard=-1 failed: Operation not permitted; uid=1001 euid=1001
Sep 23 15:59:37 milusia sshd[5338]: fatal: PAM session setup failed[6]:
  Permission denied

On a system without problems:
Sep 23 16:22:45 homer sshd[19217]: Accepted publickey for glaweh from
  192.168.1.10 port 32876 ssh2
Sep 23 16:22:45 homer ssh(pam_unix)[19219]: session opened for user
  glaweh by (uid=1000)
Sep 23 16:22:45 homer pam_limits[19219]: reading settings from
  '/etc/security/limits.conf'
Sep 23 16:22:45 homer pam_limits[19219]: setrlimit limit #6 to soft=-1,
  hard=-1 failed: Operation not permitted; uid=1000 euid=1000


So the same error occurs in PAM, but sshd doesn't fail.
Next step: diff of the sshd configuration:

--- sshd_config.homer.2 2003-09-23 17:01:42.000000000 +0200
+++ sshd_config.milusia.2       2003-09-23 17:01:53.000000000 +0200
@@ -1,18 +1,19 @@
 HostbasedAuthentication no
 HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_key
 HostKey /etc/ssh/ssh_host_rsa_key
 IgnoreRhosts yes
 KeepAlive yes
 KeyRegenerationInterval 3600
 LoginGraceTime 600
 LogLevel INFO
+PAMAuthenticationViaKbdInt no
 PasswordAuthentication yes
 PermitEmptyPasswords no
-PermitRootLogin no
+PermitRootLogin yes
 Port 22
-PrintLastLog no
 PrintMotd no
+Protocol 2
+PubkeyAuthentication yes
 RhostsAuthentication no
 RhostsRSAAuthentication no
 RSAAuthentication yes
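
Review bot: "PermitRootLogin yes" on milusia, next to the unchanged "PasswordAuthentication yes", allows root password logins that homer's "PermitRootLogin no" refuses; unless that is intended, set it back to "no". This hunk also carries five other differences (HostKey, PAMAuthenticationViaKbdInt, PrintLastLog, Protocol, PubkeyAuthentication), so the PAM failure is easier to pin down by changing one directive at a time starting from homer's file.
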
@@ -20,5 +21,6 @@
 StrictModes yes
 Subsystem      sftp    /usr/lib/sftp-server
 SyslogFacility AUTH
+UsePrivilegeSeparation yes
 X11DisplayOffset 10
 X11Forwarding yes
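
Review bot: "UsePrivilegeSeparation yes" is set only in milusia's file and homer's side shows no explicit value, so the comparison depends on a default that the diff does not show. Both logs have pam_limits running with uid and euid equal to the user's, so set this directive explicitly on both hosts and test it separately from PAMAuthenticationViaKbdInt.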


Further experiments show:
Commenting out

+PAMAuthenticationViaKbdInt no


seems to solve the problem on host milusia.



-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux bart.simpsons.bogus 2.6.0-test5-supermount #1 Tue Sep 9 22:57:09 UTC 2003 i686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8

Versions of packages ssh depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  debconf                     1.3.14       Debian configuration management sy
ii  libc6                       2.3.2-8      GNU C Library: Shared libraries an
ii  libpam-modules              0.76-14      Pluggable Authentication Modules f
ii  libpam0g                    0.76-14      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7b-2     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.1.4-15   compression library - runtime

-- debconf information excluded
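
The log comparison made in this report, as an added example that is not part of the original message: a small parser that groups syslog lines by host and PID and reports, for each pam_limits setrlimit failure, whether sshd then aborted the login. The sample lines are constructed in the same format as the report's logs; the host names, PIDs, user and addresses in them are made up.

```python
import re
from collections import defaultdict

# Constructed sample lines in the report's syslog format (hosts, PIDs, user are made up).
SAMPLE_LOG = """\
Sep 23 10:00:01 hosta sshd[100]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
Sep 23 10:00:02 hosta ssh(pam_unix)[101]: session opened for user alice by (uid=1001)
Sep 23 10:00:02 hosta pam_limits[101]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=1001 euid=1001
Sep 23 10:00:02 hosta sshd[101]: fatal: PAM session setup failed[6]: Permission denied
Sep 23 10:05:01 hostb sshd[200]: Accepted publickey for alice from 192.0.2.10 port 40001 ssh2
Sep 23 10:05:01 hostb ssh(pam_unix)[201]: session opened for user alice by (uid=1000)
Sep 23 10:05:01 hostb pam_limits[201]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) (?P<tag>[^\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RLIMIT = re.compile(r"setrlimit limit #(?P<limit>\d+) .* failed: (?P<err>[^;]+); uid=(?P<uid>\d+) euid=(?P<euid>\d+)")


def classify(log_text):
    """Group lines by (host, pid); report each setrlimit failure and whether sshd aborted."""
    sessions = defaultdict(lambda: {"rlimit": None, "fatal": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # wrapped continuation lines or unrelated text
        key = (m["host"], int(m["pid"]))
        if m["tag"] == "pam_limits":
            r = RLIMIT.search(m["msg"])
            if r:
                sessions[key]["rlimit"] = (int(r["limit"]), r["err"], int(r["euid"]))
        elif m["tag"] == "sshd" and m["msg"].startswith("fatal: PAM session setup failed"):
            sessions[key]["fatal"] = True
    return [
        {"host": h, "pid": p, "limit": s["rlimit"][0], "error": s["rlimit"][1],
         "unprivileged": s["rlimit"][2] != 0, "login_aborted": s["fatal"]}
        for (h, p), s in sorted(sessions.items()) if s["rlimit"]
    ]


if __name__ == "__main__":
    for row in classify(SAMPLE_LOG):
        print(row)
```

Rows with the same limit and error but different login_aborted values point at the sshd configuration rather than limits.conf as the place to look.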




