[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: latest upgrade to systemd 252.12-1 error about invalid attributes /var/log/journal and slow sshd connections

Hello,

Thanks. The ssh issue has been solved.


"The same symptoms appear in an answer to

https://superuser.com/questions/166359/why-is-my-ssh-login-slow

which includes various solutions, some more permanent/apparently
likely to help you than others.

Just out of interest, is the su command (on the ssh server machine)
also affected by authentication delays?  This apparently suggests a
PAM issue."

In answer yes su on the ssh machine also has these delays. It is
looking like a pam issue.


"1.  "I found that PAM was reading the file /var/log/btmp, which had
become huge as a result of people trying to brute-force my server.
This was leading to login times of a minute. Clearing this file solved
the problem."

I did check for /var/log/btmp and it is a nice lovely 25MB in size. I
did clear it, restarted sshd and this did not clear up the problem,
still had the delays.

"2.  "I noticed that when I change UsePAM yes to UsePAM no then this
issue is resolved."

BINGO! I flipped that UsePAM setting to no and the problem has gone away.

Regarding the original issue of the systemd upgrade and the invalid
attributes (this sshd was a nice side venture but wasn't sure if it
was connected or not) here is the output that I've got:

Setting up systemd (252.11-1~deb12u1) ...
Installing new version of config file /etc/systemd/journald.conf ...
Installing new version of config file /etc/systemd/logind.conf ...
Installing new version of config file /etc/systemd/networkd.conf ...
Installing new version of config file /etc/systemd/pstore.conf ...
Installing new version of config file /etc/systemd/sleep.conf ...
Installing new version of config file /etc/systemd/system.conf ...
Installing new version of config file /etc/systemd/user.conf ...
Cannot set file attributes for '/var/log/journal', maybe due to
incompatibility in specified attributes, previous=0x00080000,
current=0x00080000, expected=0x00880000, ignoring.
Cannot set file attributes for
'/var/log/journal/390b00d843d3401094a8fd44f1b7de82', maybe due to
incompatibility in specified attributes, previous=0x00080000,
current=0x00080000, expected=0x00880000, ignoring.
Obsolete conffile /etc/systemd/resolved.conf has been modified by you.
Saving as /etc/systemd/resolved.conf.dpkg-bak ...

Thanks.
Dave.


On 7/15/23, Gareth Evans <donotspam@fastmail.fm> wrote:
> On Sat 15 Jul 2023, at 13:09, Gareth Evans <donotspam@fastmail.fm> wrote:
>>
>> 2.  "I noticed that when I change UsePAM yes to UsePAM no then this
>> issue is resolved."
>>
>> There may be security (or other) issues with (2).
>
> See, for example:
>
> https://unix.stackexchange.com/questions/673153/sshd-what-are-the-practical-effects-of-setting-usepam-no
>
>
Reply to: