On Fri, May 11, 2007 at 10:59:19AM -0400, Lowell Gilbert wrote: > Christopher Cowart <[EMAIL PROTECTED]> writes: > > When I ssh into FreeBSD hosts without allocating a tty, sshd segfaults > > after the process terminates. This problem occurs on both 6_1_REL and > > 6_2_REL installations at all sorts of patch levels. > > > > Examples: > > > > Client: `ssh -t server ls` > > Server Logs: > > | May 9 15:33:44 server sshd: Accepted publickey for ccowart from > > | client port 43604 ssh2 > > | May 9 15:33:45 server sshd: pam_sm_close_session(): no utmp > > | record for ttyp5 > > > > Client: `ssh server ls` > > Server Logs: > > | May 9 15:33:50 server sshd: Accepted publickey for ccowart from > > | client port 42119 ssh2 > > | May 9 15:33:51 server pid 1511 (sshd), uid 1225: exited on signal 11 > > > > In either example, the client thinks the command has completed > > successfully, shows proper output, and propogates the return value from > > the remote command. The main problem is I don't like seeing a bunch of > > segfaults being logged in the daily run output. > > > > Our sshd_config stock, except we set `PermitRootLogin yes`. > > > > Does anyone know why this happens? Should I file a problem report? > > I can't reproduce it on my own machines (-STABLE, a few weeks old), so > a PR probably would need a more precise reproduction scenario.
Thanks for the sanity check. I went back and did some more thourough troubleshooting. I am currently using pam_ldap and pam_require from ports. I went through my pam configuration, set everything to pam_permit, and the segfaults went away. Uncommenting one rule at a time in my pam stack, I discovered the culprit: pam_lastlog The session section of my system pam configuration looks like this: | # session | session required pam_lastlog.so no_fail debug | session optional /usr/local/lib/pam_ldap.so no_warn When I comment out the pam_lastlog, the segfaults vanish. Should I file a PR with this new information? Thanks, -- Chris Cowart Lead Systems Administrator Network Infrastructure, RSSP-IT UC Berkeley
Description: Digital signature