Re: [Vserver] problems with sshd/pam inside vserver guest
On Thu, Oct 13, 2005 at 09:50:52AM -0700, Eric Jorgensen wrote: > --- Guenther Fuchs <[EMAIL PROTECTED]> wrote: > > > Hi there, > > > > on Thursday, October 13, 2005 at 18:14 on the list > > was posted: > > > > > I'm running 2.6.12.4-vs2.0 on a Fedora Core 4 box, > > > with a Fedora Core 4 guest. > > > > Have some of this here, same (x86_64 edition). > > > > > From /var/log/secure: > > > > What does /var/log/messages say? > > Oct 13 12:06:02 v015 pam_loginuid[24431]: set_loginuid > failed opening loginuid > Oct 13 12:06:02 v015 pam_loginuid[24431]: set_loginuid > failed > > > > Oct 13 12:06:02 v015 sshd[24431]: error: PAM: > > > pam_open_session(): Cannot make/remove an entry > > for > > > the specified session > > > > This sounds like the same problem I had - after > > googling the messages > > entry I found out, that commenting out the > > "pam_loginuid.so" in > > /etc/pam.d/* is necessary, as this does not load / > > exist. > > > > Let us know if this works. > > Yes, that worked beautifully! I am now able to login > to the guest remotely via ssh. JFYI: here is the explanation: there is something called linux kernel auditing (which can be used for various things, and this got so popular (although it has some design flaws) that userspace of some distros was modified to tell the kernel which uid did start what session (working around one of the flaws) unfortunately that framework is not virtualized yet, but enabled by default, which causes the issues you experienced ... removing the pam module is the best known solution for now, as it is unlikely that you will use the audit framework best, Herbert > Thanks! > > jorgy > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] problems with sshd/pam inside vserver guest
--- Guenther Fuchs <[EMAIL PROTECTED]> wrote: > Hi there, > > on Thursday, October 13, 2005 at 18:14 on the list > was posted: > > > I'm running 2.6.12.4-vs2.0 on a Fedora Core 4 box, > > with a Fedora Core 4 guest. > > Have some of this here, same (x86_64 edition). > > > From /var/log/secure: > > What does /var/log/messages say? Oct 13 12:06:02 v015 pam_loginuid[24431]: set_loginuid failed opening loginuid Oct 13 12:06:02 v015 pam_loginuid[24431]: set_loginuid failed > > > Oct 13 12:06:02 v015 sshd[24431]: error: PAM: > > pam_open_session(): Cannot make/remove an entry > for > > the specified session > > This sounds like the same problem I had - after > googling the messages > entry I found out, that commenting out the > "pam_loginuid.so" in > /etc/pam.d/* is necessary, as this does not load / > exist. > > Let us know if this works. Yes, that worked beautifully! I am now able to login to the guest remotely via ssh. Thanks! jorgy ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] problems with sshd/pam inside vserver guest
Hi there, on Thursday, October 13, 2005 at 18:14 on the list was posted: > I'm running 2.6.12.4-vs2.0 on a Fedora Core 4 box, > with a Fedora Core 4 guest. Have some of this here, same (x86_64 edition). > From /var/log/secure: What does /var/log/messages say? > Oct 13 12:06:02 v015 sshd[24431]: error: PAM: > pam_open_session(): Cannot make/remove an entry for > the specified session This sounds like the same problem I had - after googling the messages entry I found out, that commenting out the "pam_loginuid.so" in /etc/pam.d/* is necessary, as this does not load / exist. Let us know if this works. -- regards, Guenther Fuchs ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] problems with sshd/pam inside vserver guest
On Thursday 13 October 2005 12:14 pm, Eric Jorgensen wrote: I don't know the fedora installs, but I had basically that same problem on one of my earlier gentoo installs.. for me it was 2 things. 1. i didnt have my host ssh or guest ssh locked into listening to specific ip addresses. 2. the most important thing was, i created the guest using links against the template and something was wrong and much of the file system had immutable files and directories which prevented modifications/writes. once i fixed that so COW would break the link properly it did work. i dont know if this will help with anything but > Hello, > > I'm running 2.6.12.4-vs2.0 on a Fedora Core 4 box, > with a Fedora Core 4 guest. I've installed the > openssh-server package and dependencies, but I cannot > seem to get it to work. > > I have configured sshd on the host and guest to only > bind the their proper IPs: > > guest: > > tcp 00 10.0.0.215:22 0.0.0.0:* > LISTEN > > sshd does start up in the guest, but there is a > problem with pam. From /var/log/secure: > > > Oct 13 12:06:02 v015 sshd[24429]: Accepted password > for root from 10.0.0.215 port 47168 ssh2 > Oct 13 12:06:02 v015 sshd[24431]: error: PAM: > pam_open_session(): Cannot make/remove an entry for > the specified session > > > > I did a bunch of googling for this, and tried > commenting out the pam_limits.so from > /etc/pam.d/system-auth, but to no avail. > > Any pointers would be appreciated! > > Thanks, > > jorgy > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver > -- Chuck "...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] problems with sshd/pam inside vserver guest
Hello, I'm running 2.6.12.4-vs2.0 on a Fedora Core 4 box, with a Fedora Core 4 guest. I've installed the openssh-server package and dependencies, but I cannot seem to get it to work. I have configured sshd on the host and guest to only bind the their proper IPs: guest: tcp 00 10.0.0.215:22 0.0.0.0:* LISTEN sshd does start up in the guest, but there is a problem with pam. From /var/log/secure: Oct 13 12:06:02 v015 sshd[24429]: Accepted password for root from 10.0.0.215 port 47168 ssh2 Oct 13 12:06:02 v015 sshd[24431]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session I did a bunch of googling for this, and tried commenting out the pam_limits.so from /etc/pam.d/system-auth, but to no avail. Any pointers would be appreciated! Thanks, jorgy ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver