Bug#331005: sshd[27912]: fatal: PAM: pam_setcred(): Critical error - immediate abort
Package: openssh-server
Version: 1:4.2p1-4
Severity: important
Trying to login as a user using keyboard/password authentication results in:
----
Read from remote host thedarkcitadel.com: Connection reset by peer
Connection to thedarkcitadel.com closed.
----
In syslog you have the following:
----
Sep 30 20:08:16 thedarkcitadel sshd[27905]: Accepted keyboard-interactive/pam for ovrlrdq from 70.178.82.111 port 2305 ssh2
Sep 30 20:08:16 thedarkcitadel sshd[27912]: (pam_unix) session opened for user ovrlrdq by (uid=0)
Sep 30 20:08:16 thedarkcitadel sshd[27912]: fatal: PAM: pam_setcred(): Critical error - immediate abort
Sep 30 20:08:17 thedarkcitadel sshd[27912]: (pam_unix) session closed for user ovrlrdq
----
Luckily if logging in using authorized keys, the operation is successfull otherwise there would be no way to login to the box.
Contents of /etc/pam.d/ssh/ :
----
auth required pam_env.so # [1]
@include common-auth
@include common-account
@include common-session
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
@include common-password
----
Contents of /etc/pam.d/common-auth :
----
auth required pam_unix.so nullok_secure
----
Contents of /etc/pam.d/common-account :
----
account required pam_unix.so
----
Contents of /etc/pam.d/common-session :
----
session required pam_unix.so
----
Contents of /etc/pam.d/common-password :
---
password required pam_unix.so nullok obscure min=4 max=8 md5
---
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.12.3-linode14
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages openssh-server depends on:
ii adduser 3.67.1 Add and remove users and groups
ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy
ii dpkg 1.13.11.0.1 package maintenance system for Deb
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libcomerr2 1.38-2 common error description library
ii libkrb53 1.3.6-5 MIT Kerberos runtime libraries
ii libpam-modules 0.79-2 Pluggable Authentication Modules f
ii libpam-runtime 0.79-2 Runtime support for the PAM librar
ii libpam0g 0.79-2 Pluggable Authentication Modules l
ii libselinux1 1.26-1 SELinux shared libraries
ii libssl0.9.7 0.9.7g-3 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii openssh-client 1:4.2p1-4 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-4 compression library - runtime
openssh-server recommends no packages.
-- debconf information:
ssh/insecure_rshd:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/encrypted_host_key_but_no_keygen:
ssh/disable_cr_auth: false
Reply to: