[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
I can confirm that the updated package works in that the real use case which triggered the original bug (involving a script setting up an ssh tunnel) no longer does. Sorry for the delay in responding -- things have been busy, so I have also not tested the updated package much. I have not updated the verification status as the VM on which I tested this is not entirely up-to-date and standard. I hope that someone is in a better position than I to test more thoroughly.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1986521

Title: ssh client spins if output fd closed

Status in portable OpenSSH: Unknown
Status in openssh package in Ubuntu: Fix Released
Status in openssh source package in Jammy: Fix Committed

Bug description:

[Impact]
In certain edge cases where the terminal goes away while an ssh process is running, ssh can be left consuming 100% CPU. This increases processing costs for cloud users and wastes energy. While this is an uncommon error, googling indicates many people have run into it in several different ways. It seems important to get this fixed in stable releases.

This is a regression in jammy presumably due to change from select() to poll() (see OpenSSH 8.9 Release Announcement [1]), fixed by upstream commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream: fix poll() spin when a channel's output fd closes..." [2].

1: https://lwn.net/Articles/885886/
2: https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c

[Test Case]

    $ lxc launch ubuntu-daily:jammy ssh-cpu
    $ lxc shell ssh-cpu
    # passwd -d root
    # ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
    # cat << EOF >>/etc/ssh/ssh_config
    StrictHostKeyChecking accept-new
    EOF
    # sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config
    # cat << EOF >>/etc/ssh/sshd_config
    PermitRootLogin yes
    PubkeyAuthentication yes
    PermitEmptyPasswords yes
    PasswordAuthentication yes
    ChallengeResponseAuthentication no
    UsePAM no
    EOF
    # systemctl restart sshd
    # ssh localhost 2> >({exec 1>&2})

You can shell into the container from a second terminal and use "htop" to verify that ssh is using 100% of one of the CPU cores:

    $ lxc shell ssh-cpu
    # htop

This should show one CPU pegged at 100% due to the 'ssh localhost' process

Next, return to the first terminal, exit out of the sub-ssh session and install the fix:

    # logout
    # add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521
    # apt-get full-upgrade -y

Now repeat the test in the first terminal window, while viewing htop in the second terminal:

    # ssh localhost 2> >({exec 1>&2})

[Where Problems Could Occur]
While the patch in question is well tested upstream, it has a relatively high line count and as such is difficult to assure correctness by visual code checking. However, it's not clear that the line count could be significantly reduced without risking loss of correctness. Thus this relies more on testing to assure robustness, than on code review.

The code involves polling behavior, so issues to watch for would more likely involve process handling, i.e. problems with socket polling.

Beyond that, the usual generic issues to watch for - build issues, dependency issues during build or on upgrade, and service restarting.

[Original Report]
The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the bug described at https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and https://bugzilla.mindrot.org/show_bug.cgi?id=3405

A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up an xterm, ask for whatever authentication is needed, close the xterm, and leave the ssh client spinning consuming CPU time for 60 seconds before it exits. It should leave the ssh client idle for 60 seconds.

Many uses of ssh to launch graphical applications will be caught by this bug.

This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release notes at https://www.openssh.com/txt/release-9.0

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1986521/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
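The general mechanism behind a "poll() spin when a channel's output fd closes", as an added example: this is not OpenSSH code and not the upstream patch. The pipe-based scenario and the names scenario_open and busy_wakeups are constructed for illustration, and Linux poll() semantics are assumed. It counts how often an event loop is woken when it ignores error conditions on a dead output fd, and how often when it retires that fd from the poll set.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Constructed scenario (not OpenSSH code): an idle input pipe standing in for
 * the quiet network connection, plus an output pipe whose reader has gone
 * away, standing in for the terminal that closed. */
struct scenario {
    int idle_rd, idle_wr;   /* both ends stay open, no data ever arrives */
    int out_wr;             /* write end; its read end is already closed */
};

static int scenario_open(struct scenario *s)
{
    int idle[2], out[2];

    if (pipe(idle) < 0)
        return -1;
    if (pipe(out) < 0) {
        close(idle[0]);
        close(idle[1]);
        return -1;
    }
    close(out[0]);          /* the consumer of our output disappears */
    s->idle_rd = idle[0];
    s->idle_wr = idle[1];
    s->out_wr = out[1];
    return 0;
}

static void scenario_close(struct scenario *s)
{
    close(s->idle_rd);
    close(s->idle_wr);
    close(s->out_wr);
}

/*
 * Run `iterations` passes of an event loop and return how many times poll()
 * came back with something flagged instead of sleeping for timeout_ms.
 * retire_dead_fds == 0: the loop never inspects error conditions.
 * retire_dead_fds != 0: an fd flagged POLLERR/POLLHUP/POLLNVAL is taken out
 *                       of the set by storing -1 (poll ignores negative fds).
 * Returns -1 on setup or poll() failure.
 */
int busy_wakeups(int retire_dead_fds, int iterations, int timeout_ms)
{
    struct scenario s;
    struct pollfd pfd[2];
    int i, n, busy = 0;

    if (scenario_open(&s) < 0)
        return -1;

    pfd[0].fd = s.idle_rd;
    pfd[0].events = POLLIN;
    pfd[1].fd = s.out_wr;
    pfd[1].events = 0;      /* nothing queued, so no POLLOUT requested */

    for (i = 0; i < iterations; i++) {
        pfd[0].revents = pfd[1].revents = 0;
        n = poll(pfd, 2, timeout_ms);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            busy = -1;
            break;
        }
        if (n == 0)
            continue;       /* slept the full timeout: the idle case */
        busy++;
        /* Error conditions are reported even though events == 0, so a loop
         * that never looks at them is woken again on the very next call. */
        if (retire_dead_fds &&
            (pfd[1].revents & (POLLERR | POLLHUP | POLLNVAL)))
            pfd[1].fd = -1;
    }
    scenario_close(&s);
    return busy;
}

int main(void)
{
    printf("loop ignoring error revents: %d busy wakeups of 20\n",
           busy_wakeups(0, 20, 5));
    printf("loop retiring the dead fd:   %d busy wakeups of 20\n",
           busy_wakeups(1, 20, 5));
    return 0;
}
```

A process stuck in the first pattern shows the same symptom the test case checks with htop: poll() returns immediately on every call, so the process never sleeps.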
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
And I can confirm that the patch at https://bugzilla.mindrot.org/attachment.cgi?id=3581 applies cleanly and fixes this issue.

--
https://bugs.launchpad.net/bugs/1986521
Title: ssh client spins if output fd closed
Status in openssh package in Ubuntu: New
[Touch-packages] [Bug 1986521] [NEW] ssh client spins if output fd closed
Public bug reported:

The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the bug described at https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and https://bugzilla.mindrot.org/show_bug.cgi?id=3405

A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up an xterm, ask for whatever authentication is needed, close the xterm, and leave the ssh client spinning consuming CPU time for 60 seconds before it exits. It should leave the ssh client idle for 60 seconds.

Many uses of ssh to launch graphical applications will be caught by this bug.

This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release notes at https://www.openssh.com/txt/release-9.0

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1986521
Title: ssh client spins if output fd closed
Status in openssh package in Ubuntu: New
[Touch-packages] [Bug 1934393] Re: systemd-logind network access is blocked, and breaks remote authentication configurations
I think Dan's summary above is very good. For clarification I would add a couple of points.

The issue is not just remote logins. xdm behaves in the same way, and the absence of a systemd-logind session may mean that sound is then unavailable to the user logged in at the console. (Mentioned to help people searching for local sound issues.)

Comments 12 and 16 of bug #1915502 also mention ProtectHostname=no which I don't understand.

My understanding of nscd is that, even on cache misses, it will perform the lookup itself, and, being a separate process outside the systemd-logind sandbox, it will succeed. I am not convinced that mandating the use of nscd would be a good idea though, especially as some distributions are moving away from it, e.g. https://fedoraproject.org/wiki/Changes/RemoveNSCD

I suspect a lot of NIS/LDAP users do use some version of nscd, which is why there are not more people caught by this issue.

--
https://bugs.launchpad.net/bugs/1934393
Title: systemd-logind network access is blocked, and breaks remote authentication configurations

Status in systemd: Fix Released
Status in nis package in Ubuntu: Confirmed
Status in openldap package in Ubuntu: Confirmed
Status in systemd package in Ubuntu: Won't Fix
Status in nis package in Debian: Fix Released

Bug description:

[impact]
starting in focal, systemd-logind runs sandboxed without any network access, which breaks any configuration that uses remote servers for user data, e.g. ldap, nis, etc

A more full discussion is available in the upstream bug report as well as the debian bug report, see other info section below

[test case]
many possible ways to reproduce this; there are reproducers in some of the bugs reported before that are caused by this, e.g. bug 1915502 or bug 1916235

[regression potential]
failure to authenticate when using remote user data, incorrect authentication, security issues due to un-sandboxing of systemd-logind

[scope]
this is needed in f and later

before focal, systemd-logind was not sandboxed so this did not apply

[other info]
this isn't actually a bug in systemd, this is a by-design security feature, and the intended upstream design is for systemd-logind to talk to systemd-userdb, so that systemd-logind can remain network-sandboxed while systemd-userdb performs any needed network access for user/auth data. However, Debian and Ubuntu don't enable/provide systemd-userdb, so that design does not work for Debian/Ubuntu.

this also can cause systemd-udevd failures in some cases as well, apparently (based on upstream and debian discussion comments)

For reference, upstream discussion around the systemd-logind sandboxing specifically:
https://github.com/systemd/systemd/issues/7074

upstream updated doc PR explaining the upstream position:
https://github.com/systemd/systemd/pull/7343

Debian bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878625
[Touch-packages] [Bug 1915502] Re: "systemd --user" fails to start for non-local users
I can confirm that installing nscd also solves the problem without needing to fiddle with the systemd-logind restrictions.

However, I am no fan of nscd. Caching passwords for ten minutes (its default) causes all sorts of confusion when a user changes his password, or requests a password reset, for the protocol has no ability to indicate when the cache is probably invalid.

--
https://bugs.launchpad.net/bugs/1915502
Title: "systemd --user" fails to start for non-local users

Status in systemd package in Ubuntu: Incomplete
Status in systemd source package in Focal: Incomplete

Bug description:

systemd-logind fails to start the systemd --user process for non-local users on Ubuntu 20.04. This is a reproducible problem; all our systems are displaying the same symptoms.

The systems are using Kerberos (Active Directory) for authentication, and NIS for account meta-data and authorisation (groups)

A base installation is performed using the server 20.04 ISO image. No additional packages are selected. Post-install, I run:

    apt-get install tcsh nis krb5-user libpam-krb5 libnss-systemd

I set up the NIS client (supply the default domain name, check ypbind is running and ypcat passwd is working)

I then set up /etc/krb5.conf for kerberos authentication to a domain controller, confirm that kinit works and a kerberos ticket is issued.

I modify /etc/passwd, /etc/group and /etc/shadow, appending a "+" to the end of each.

/etc/nsswitch.conf is modified to support compat mode, as well as systemd:

    passwd: compat systemd
    group: compat systemd
    shadow: compat

I can log in remotely via ssh using my NIS account and Kerberos credentials.

My NIS meta-data looks like:

    amcvey:KRB5:::Andy McVey:/home/amcvey:/bin/tcsh

(where UID and GID are replaced with values unique to the organisation)

On login, the following occurs:

    hostname:~> systemctl --user
    Failed to connect to bus: No such file or directory

I put pam-systemd and systemd-logind into debug mode to get more information:

    Feb 12 09:51:32 myhostname sshd[1210]: Accepted publickey for amcvey from [redact] port 58849 ssh2: RSA SHA256:[redact]
    Feb 12 09:51:32 myhostname sshd[1210]: pam_unix(sshd:session): session opened for user amcvey by (uid=0)
    Feb 12 09:51:32 myhostname systemd-logind[903]: Got message type=method_call sender=:1.13 destination=org.freedesktop.login1 path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=CreateSession cookie=2 reply_cookie=0 signature=uusussbssa(sv) error-name=n/a error-message=n/a
    Feb 12 09:51:32 myhostname sshd[1210]: pam_systemd(sshd:session): pam-systemd initializing
    Feb 12 09:51:32 myhostname systemd-logind[903]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetConnectionUnixUser cookie=40 reply_cookie=0 signature=s error-name=n/a error-message=n/a
    Feb 12 09:51:32 myhostname sshd[1210]: pam_systemd(sshd:session): Asking logind to create session: uid=198083 pid=1210 service=sshd type=tty class=user desktop= seat= vtnr=0 tty= display= remote=yes remote_user= remote_host=10.105.121.110
    Feb 12 09:51:32 myhostname systemd-logind[903]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.6 path=n/a interface=n/a member=n/a cookie=13 reply_cookie=40 signature=u error-name=n/a error-message=n/a
    Feb 12 09:51:32 myhostname sshd[1210]: pam_systemd(sshd:session): Session limits: memory_max=n/a tasks_max=n/a cpu_weight=n/a io_weight=n/a runtime_max_sec=n/a
    Feb 12 09:51:32 myhostname systemd-logind[903]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetConnectionUnixProcessID cookie=41 reply_cookie=0 signature=s error-name=n/a error-message=n/a
    Feb 12 09:51:32 myhostname sshd[1210]: pam_systemd(sshd:session): Failed to create session: No such process
    Feb 12 09:51:32 myhostname systemd-logind[903]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.6 path=n/a interface=n/a member=n/a cookie=14 reply_cookie=41 signature=u error-name=n/a error-message=n/a
    Feb 12 09:51:32 myhostname systemd-logind[903]: Unable to connect to /run/systemd/userdb/io.systemd.Multiplexer: No such file or directory
    Feb 12 09:51:32 myhostname systemd-logind[903]: n/a: varlink: setting state idle-client
    Feb 12 09:51:32 myhostname systemd-logind[903]: /run/systemd/userdb/io.systemd.DynamicUser: Sending message: {"method":"io.systemd.UserDatabase.GetUserRecord","parameters":{"uid":198083,"service":"io.systemd.DynamicUser"}}
    Feb 12 09:51:32 myhostname systemd-logind[903]: /run/systemd/userdb/io.systemd.DynamicUser: varlink: changing state
[Touch-packages] [Bug 1915502] Re: "systemd --user" fails to start for non-local users
Thanks for that. I can confirm that

    systemctl daemon-reload; systemctl restart systemd-logind

(in that order) avoids the need for a reboot, and for a couple of my machines I am very grateful for this information.

--
https://bugs.launchpad.net/bugs/1915502
Title: "systemd --user" fails to start for non-local users

Status in systemd package in Ubuntu: Incomplete
Status in systemd source package in Focal: Incomplete
[Touch-packages] [Bug 1915502] Re: "systemd --user" fails to start for non-local users
A little more information, after some investigation.

The issue affects xdm logins at the console, as well as remote ssh logins. This also means that audio at the console fails to work, as ACLs for the console's user are not added to the audio devices.

It seems that it can be solved by putting in /etc/systemd/system/systemd-logind.service.d/override.conf

    [Service]
    RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET
    IPAddressDeny=
    ProtectHostname=no

after which "systemctl daemon-reload" followed by "systemctl daemon-reexec" does nothing useful, but a reboot does cause things to start working. (I don't understand why daemon-reexec differs from rebooting.)

Changing the above file is approximately equivalent to "systemctl edit systemd-logind" followed by "systemctl daemon-reload", but, when faced with multiple machines, the file change may be easier to script. Note that the directory probably does not exist.

The need for ProtectHostname=no seems new, and note also that if one speaks IPv6 to one's NIS servers, AF_INET6 may be necessary. I do not use nscd, which may also solve the issue.

I don't understand Haoke's comment that systemd is not involved.

--
https://bugs.launchpad.net/bugs/1915502
Title: "systemd --user" fails to start for non-local users

Status in systemd package in Ubuntu: Incomplete
Status in systemd source package in Focal: Incomplete
[Touch-packages] [Bug 1923472] [NEW] xdm fails to start on Sundays
Public bug reported:

On the first login of the week, xdm (1.1.11-3ubuntu2) fails to start on Ubuntu 20.04. More correctly, it does start, but exits almost immediately on signal 12. It leaves /var/run/xdm.pid behind, and also a running X server with no clients. This makes it hard to restart, for one needs to kill the X server and remove the pid file first.

The cause is logrotate running during startup and killing xdm before xdm installs a handler for SIGUSR2. The issue is more fully described upstream at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948346

In passing I would comment that running logrotate so early during startup seems strange to me. Startup would surely be faster if these sort of "cron" jobs were left until it had finished?

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1923472
Title: xdm fails to start on Sundays
Status in systemd package in Ubuntu: New
[Touch-packages] [Bug 1915502] Re: "systemd --user" fails to start for non-local users
A good idea, but it made no difference for me. I even went a little further and tried

    [Service]
    RestrictAddressFamilies=AF_INET
    IPAddressAllow=any
    SystemCallFilter=
    ProtectSystem=off
    CapabilityBoundingSet=

but still no change, even after a reboot. Logins produce the pair of lines

    Apr 5 18:42:09 pc2 sshd[1368]: pam_unix(sshd:session): session opened for user mjr19 by (uid=0)
    Apr 5 18:42:09 pc2 sshd[1368]: pam_systemd(sshd:session): Failed to create session: No such process

save that if sshd is not run under systemctl, but rather as "sshd -ddd" from the command line, the "failed to create session" line is not logged, either to stderr or syslog. Still no session is created though.

--
https://bugs.launchpad.net/bugs/1915502
Title: "systemd --user" fails to start for non-local users
Status in systemd package in Ubuntu: Incomplete
[Touch-packages] [Bug 1915502] Re: "systemd --user" fails to start for non-local users
I think I am suffering from the same issue. I have always run without "UsePAM yes" in sshd_config, but I recently tried turning it on in order to get XDG_ variables set correctly and proper systemd sessions for ssh logins. In 18.04 it worked as expected, but in 20.04 I get

sshd[387766]: pam_systemd(sshd:session): Failed to create session: No such process

in the logs after setting debug on pam_systemd.so, and loginctl does not list the session.

I am using NIS, but do not have the added complication of Kerberos.

--
https://bugs.launchpad.net/bugs/1915502

Title:
  "systemd --user" fails to start for non-local users

Status in systemd package in Ubuntu:
  Confirmed
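
Added example (not part of the original messages and not Ubuntu or systemd code): a Python script that correlates, per sshd PID, the pam_unix "session opened" line with the pam_systemd "Failed to create session" line quoted in this thread, listing logins that succeeded but were never registered with logind. The function name, the regular expressions and the last sample line (constructed) are assumptions.

```python
import re
from collections import defaultdict

# Classic syslog prefix as quoted in the thread: "Apr  5 18:42:09 pc2 sshd[1368]: msg"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+sshd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
OPENED_RE = re.compile(r"pam_unix\(sshd:session\): session opened for user (?P<user>\S+)")
FAILED_RE = re.compile(r"pam_systemd\(sshd:session\): Failed to create session: (?P<why>.*)")

# The first five lines are taken from the thread; the last one is constructed
# (a login with no pam_systemd failure) to show what is not flagged.
SAMPLE = """\
Apr  5 18:42:09 pc2 sshd[1368]: pam_unix(sshd:session): session opened for user mjr19 by (uid=0)
Apr  5 18:42:09 pc2 sshd[1368]: pam_systemd(sshd:session): Failed to create session: No such process
Feb 12 09:51:32 myhostname sshd[1210]: pam_unix(sshd:session): session opened for user amcvey by (uid=0)
Feb 12 09:51:32 myhostname sshd[1210]: pam_systemd(sshd:session): pam-systemd initializing
Feb 12 09:51:32 myhostname sshd[1210]: pam_systemd(sshd:session): Failed to create session: No such process
Feb 12 09:55:00 myhostname sshd[1300]: pam_unix(sshd:session): session opened for user localuser by (uid=0)
""".splitlines()


def untracked_logins(lines):
    """Return logins where pam_unix opened a session but pam_systemd
    could not create the matching logind session."""
    events = defaultdict(dict)  # (host, sshd pid) -> facts seen for that login
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an sshd line, or a different log format
        key = (m["host"], int(m["pid"]))
        if (opened := OPENED_RE.search(m["msg"])):
            events[key].update(user=opened["user"], ts=m["ts"])
        elif (failed := FAILED_RE.search(m["msg"])):
            events[key]["why"] = failed["why"]
    # PIDs are reused over time; on a long log, also window the match by timestamp.
    return [
        {"host": host, "pid": pid, **facts}
        for (host, pid), facts in events.items()
        if "user" in facts and "why" in facts
    ]


if __name__ == "__main__":
    for hit in untracked_logins(SAMPLE):
        print(f'{hit["ts"]} {hit["host"]} sshd[{hit["pid"]}] user={hit["user"]}: '
              f'no logind session ({hit["why"]})')
```

The "Failed to create session" line only appears with debug enabled on pam_systemd.so, as the reports above note, so the script finds nothing on a host where that option is off.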