sshd pam_setcred problem
Eric Caron
I have my own script to start the daemon because a bunch of things need to
happen before the daemon is started. The sshd start script is called from my
own shell srcipt.
The daemon process starts correctly.
When I try to connect to the box I get try error message.
ssh m...@47.133.24.50
Password:
Connection to 47.133.24.50 closed by remote host.
Connection to 47.133.24.50 closed.
I get these logs in syslog.
Jan 1 00:09:10 10 sshd[798]: Accepted keyboard-interactive/pam for mtc from
47.128.32.124 port 38542 ssh2
Jan 1 00:09:10 10 sshd(pam_unix)[801]: session opened for user mtc by
(uid=0)
Jan 1 00:09:10 10 sshd[801]: fatal: PAM: pam_setcred(): Permission denied
Jan 1 00:09:10 10 sshd(pam_unix)[801]: session closed for user mtc
It seems sshd is trying to write user credential but it doesn't have the
permission. Something interesting. I get the same error if I try to
connect with the root account.
Eric
Darren Tucker
>Jan 1 00:09:10 10 sshd[801]: fatal: PAM: pam_setcred(): Permission denied
>Jan 1 00:09:10 10 sshd(pam_unix)[801]: session closed for user mtc
>It seems sshd is trying to write user credential but it doesn't have the
>permission. Something interesting. I get the same error if I try to
>connect with the root account.
There was some changes to pam_setcred handling in the 3.8x series. I'm
not sure if this is you're problem or not (it may be). I suggest you
first try OpenSSH 3.8.1p1 and see if that fixes it. Also, try with
"UsePrivilegeSeparation no" in sshd_config.
If niether work, please tell us what PAM modules you have in your sshd
stack (including any loaded with the pam_stack.so module).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Eric Caron
sshd with the debug option
===================
debug2: read_server_config: filename /opt/msp/etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.7p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /var/opt/msp/shared/etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /var/opt/msp/shared/etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 47.128.32.124 port 47115
debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat
OpenSSH_3.2*,OpenSSH_3.3*,OpenSSH_3.4*,OpenSSH_3.5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.7p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijnda...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijnda...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijnda...@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijnda...@lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 1548/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 1611/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user mtc service ssh-connection method none
debug1: attempt 0 failures 0
debug2: input_userauth_request: setting up authctxt for mtc
debug1: PAM: initializing for "mtc"
debug3: Trying to reverse map address 47.128.32.124.
debug1: PAM: setting PAM_RHOST to "47.128.32.124"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: input_userauth_request: try method none
Failed none for mtc from 47.128.32.124 port 47115 ssh2
debug1: userauth-request for user mtc service ssh-connection method
keyboard-interactive
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=mtc devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: ssh_msg_recv entering
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
Postponed keyboard-interactive for mtc from 47.128.32.124 port 47115 ssh2
debug2: PAM: sshpam_respond
debug3: ssh_msg_send: type 6
debug3: ssh_msg_recv entering
debug3: ssh_msg_send: type 0
Postponed keyboard-interactive/pam for mtc from 47.128.32.124 port 47115
ssh2
debug2: PAM: sshpam_respond
debug3: do_pam_account: pam_acct_mgmt = 0
Accepted keyboard-interactive/pam for mtc from 47.128.32.124 port 47115 ssh2
debug1: Entering interactive session for SSH2.
debug2: fd 3 setting O_NONBLOCK
debug2: fd 7 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or
directory
lastlog_openseek: /var/log/lastlog is not a file or directory!
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/9
debug3: tty_parse_modes: SSH2 n_bytes 256
debug3: tty_parse_modes: ospeed 38400
debug3: tty_parse_modes: ispeed 38400
debug3: tty_parse_modes: 1 3
debug3: tty_parse_modes: 2 28
debug3: tty_parse_modes: 3 127
debug3: tty_parse_modes: 4 21
debug3: tty_parse_modes: 5 4
debug3: tty_parse_modes: 6 0
debug3: tty_parse_modes: 7 0
debug3: tty_parse_modes: 8 17
debug3: tty_parse_modes: 9 19
debug3: tty_parse_modes: 10 26
debug3: tty_parse_modes: 12 18
debug3: tty_parse_modes: 13 23
debug3: tty_parse_modes: 14 22
debug3: tty_parse_modes: 18 15
debug3: tty_parse_modes: 30 0
debug3: tty_parse_modes: 31 0
debug3: tty_parse_modes: 32 0
debug3: tty_parse_modes: 33 0
debug3: tty_parse_modes: 34 0
debug3: tty_parse_modes: 35 0
debug3: tty_parse_modes: 36 1
debug3: tty_parse_modes: 37 0
debug3: tty_parse_modes: 38 1
debug3: tty_parse_modes: 39 0
debug3: tty_parse_modes: 40 0
debug3: tty_parse_modes: 41 0
debug3: tty_parse_modes: 50 1
debug3: tty_parse_modes: 51 1
debug3: tty_parse_modes: 52 0
debug3: tty_parse_modes: 53 1
debug3: tty_parse_modes: 54 1
debug3: tty_parse_modes: 55 1
debug3: tty_parse_modes: 56 0
debug3: tty_parse_modes: 57 0
debug3: tty_parse_modes: 58 0
debug3: tty_parse_modes: 59 1
debug3: tty_parse_modes: 60 1
debug3: tty_parse_modes: 61 1
debug3: tty_parse_modes: 62 0
debug3: tty_parse_modes: 70 1
debug3: tty_parse_modes: 71 0
debug3: tty_parse_modes: 72 1
debug3: tty_parse_modes: 73 0
debug3: tty_parse_modes: 74 0
debug3: tty_parse_modes: 75 0
debug3: tty_parse_modes: 90 1
debug3: tty_parse_modes: 91 1
debug3: tty_parse_modes: 92 0
debug3: tty_parse_modes: 93 0
debug1: server_input_channel_req: channel 0 request x11-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req x11-req
debug1: server_input_channel_req: channel 0 request shell reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: PAM: setting PAM_TTY to "/dev/pts/9"
debug1: PAM: establishing credentials
PAM: pam_setcred(): Permission denied
debug1: Calling cleanup 0x10017334(0x1007a7b8)
debug1: session_pty_cleanup: session 0 release /dev/pts/9
debug1: Calling cleanup 0x1002b8d4(0x0)
debug1: channel 0: free: server-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 server-session (t10 r0 i0/0 o0/0 fd -1/-1)
debug3: channel 0: close_fds r -1 w -1 e -1
debug1: Calling cleanup 0x10026040(0x0)
debug1: PAM: cleanup
debug1: Calling cleanup 0x10039050(0x0)
SSHD trace
======
[pid 1060] read(3, "\0\0\0\17", 4) = 4
[pid 1060] read(3, "\1\0\0\0\nPassword: ", 15) = 15
[pid 1060] write(4,
"\35\255\3759\224\227\v\372\260\337\30\26\364\276Z\370\273"..., 64) = 64
[pid 1060] getpeername(4, {sa_family=AF_INET, sin_port=htons(47360),
sin_addr=inet_addr("47.128.32.124")}, [16]) = 0
[pid 1060] time([1085686256]) = 1085686256
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 7
[pid 1060] fcntl64(7, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(7, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(7, "<38>May 27 15:30:56 sshd[1060]: "..., 105, 0) = 105
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(7) = 0
[pid 1060] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 1060] read(4,
"/\332\216\377\203\273\n\227\36$C\263\34V}\27\207\275\255"..., 8192) = 80
[pid 1060] write(3, "\0\0\0\10\6", 5) = 5
[pid 1061] <... read resumed> "\0\0\0\10", 4) = 4
[pid 1061] read(5, "\6", 8) = 1
[pid 1061] read(5, <unfinished ...>
[pid 1060] write(3, "\0\0\0\3mtc", 7) = 7
[pid 1061] <... read resumed> "\0\0\0\3mtc", 7) = 7
[pid 1061] open("/etc/passwd", O_RDONLY) = 7
[pid 1061] fcntl64(7, F_GETFD) = 0
[pid 1061] fcntl64(7, F_SETFD, FD_CLOEXEC) = 0
[pid 1061] fstat64(7, {st_mode=S_IFREG|0444, st_size=1386, ...}) = 0
[pid 1061] mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30019000
[pid 1061] _llseek(7, 0, [0], SEEK_CUR) = 0
[pid 1061] read(7, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1386
[pid 1061] close(7) = 0
[pid 1061] munmap(0x30019000, 4096) = 0
[pid 1061] brk(0x10090000) = 0x10090000
[pid 1061] open("/etc/nsswitch.conf", O_RDONLY) = -1 ENOENT (No such file or
directory)
[pid 1061] open("/etc/nsswitch.conf", O_RDONLY) = -1 ENOENT (No such file or
directory)
[pid 1061] open("/etc/shadow", O_RDONLY) = 7
[pid 1061] fcntl64(7, F_GETFD) = 0
[pid 1061] fcntl64(7, F_SETFD, FD_CLOEXEC) = 0
[pid 1061] fstat64(7, {st_mode=S_IFREG|0444, st_size=149, ...}) = 0
[pid 1061] mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30019000
[pid 1061] _llseek(7, 0, [0], SEEK_CUR) = 0
[pid 1061] read(7, "mtc:$1$bcXjo07c$TsHlpjNp5L3PrbMl"..., 4096) = 149
[pid 1061] close(7) = 0
[pid 1061] munmap(0x30019000, 4096) = 0
[pid 1060] read(3, <unfinished ...>
[pid 1061] open("/etc/nologin", O_RDONLY) = -1 ENOENT (No such file or
directory)
[pid 1061] write(5, "\0\0\0\7\0", 5) = 5
[pid 1060] <... read resumed> "\0\0\0\7", 4) = 4
[pid 1061] write(5, "\0\0\0\2OK", 6 <unfinished ...>
[pid 1060] read(3, <unfinished ...>
[pid 1061] <... write resumed> ) = 6
[pid 1060] <... read resumed> "\0\0\0\0\2OK", 7) = 7
[pid 1061] exit(0) = ?
Process 1061 detached
[pid 1060] write(4,
"\275qD\320!8\177+\372\210\257\10K\231m*_\253V\10r\333N"..., 48) = 48
[pid 1060] --- SIGCHLD (Child exited) @ 0 (0) ---
[pid 1060] getpeername(4, {sa_family=AF_INET, sin_port=htons(47360),
sin_addr=inet_addr("47.128.32.124")}, [16]) = 0
[pid 1060] brk(0x1008f000) = 0x1008f000
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 7
[pid 1060] fcntl64(7, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(7, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(7, "<38>May 27 15:30:58 sshd[1060]: "..., 109, 0) = 109
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(7) = 0
[pid 1060] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 1060] read(4,
"\242A\17\305[v\310\350\6ZQ&\202F\254\372\312\300\360\213"..., 8192) = 80
[pid 1060] kill(1061, SIGTERM) = 0
[pid 1060] wait4(1061, [WIFEXITED(s) && WEXITSTATUS(s) == 0], 0, NULL) =
1061
[pid 1060] close(3) = 0
[pid 1060] close(5) = 0
[pid 1060] getuid() = 0
[pid 1060] open("/etc/passwd", O_RDONLY) = 3
[pid 1060] fcntl64(3, F_GETFD) = 0
[pid 1060] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] fstat64(3, {st_mode=S_IFREG|0444, st_size=1386, ...}) = 0
[pid 1060] mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30019000
[pid 1060] _llseek(3, 0, [0], SEEK_CUR) = 0
[pid 1060] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1386
[pid 1060] close(3) = 0
[pid 1060] munmap(0x30019000, 4096) = 0
[pid 1060] brk(0x10091000) = 0x10091000
[pid 1060] open("/etc/nsswitch.conf", O_RDONLY) = -1 ENOENT (No such file or
directory)
[pid 1060] open("/etc/nsswitch.conf", O_RDONLY) = -1 ENOENT (No such file or
directory)
[pid 1060] open("/etc/shadow", O_RDONLY) = 3
[pid 1060] fcntl64(3, F_GETFD) = 0
[pid 1060] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] fstat64(3, {st_mode=S_IFREG|0444, st_size=149, ...}) = 0
[pid 1060] mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30019000
[pid 1060] _llseek(3, 0, [0], SEEK_CUR) = 0
[pid 1060] read(3, "mtc:$1$bcXjo07c$TsHlpjNp5L3PrbMl"..., 4096) = 149
[pid 1060] close(3) = 0
[pid 1060] munmap(0x30019000, 4096) = 0
[pid 1060] time(NULL) = 1085686258
[pid 1060] getpeername(4, {sa_family=AF_INET, sin_port=htons(47360),
sin_addr=inet_addr("47.128.32.124")}, [16]) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 3
[pid 1060] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(3, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(3, "<38>May 27 15:30:58 sshd[1060]: "..., 108, 0) = 108
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(3) = 0
[pid 1060] write(4,
"\357\337\30\205\366\256\17\261a5\223G\345t\26\202\313Y"..., 32) = 32
[pid 1060] alarm(0) = 117
[pid 1060] close(6) = 0
[pid 1058] <... select resumed> ) = 1 (in [5])
[pid 1058] close(5) = 0
[pid 1058] select(6, [3], NULL, NULL, NULL <unfinished ...>
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 3
[pid 1060] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(3, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(3, "<39>May 27 15:30:58 sshd[1060]: "..., 78, 0) = 78
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(3) = 0
[pid 1060] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
[pid 1060] rt_sigaction(SIGCHLD, {0x1000cff0, [], 0}, NULL, 8) = 0
[pid 1060] pipe([3, 5]) = 0
[pid 1060] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] fcntl64(3, F_GETFL) = 0 (flags O_RDONLY)
[pid 1060] fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid 1060] fcntl64(5, F_GETFL) = 0x1 (flags O_WRONLY)
[pid 1060] fcntl64(5, F_SETFL, O_WRONLY|O_NONBLOCK) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 63, 0) = 63
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] select(5, [3 4], [], NULL, NULL) = 1 (in [4])
[pid 1060] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 1060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 1060] read(4,
"\263D\216\312q\31\253\320\275i\254\255a\2547r1\255?\303"..., 16384) = 64
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 108, 0) = 108
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 61, 0) = 61
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] ioctl(-1, TCGETS, 0x7ffff2b8) = -1 EBADF (Bad file descriptor)
[pid 1060] ioctl(-1, TCGETS, 0x7ffff2b8) = -1 EBADF (Bad file descriptor)
[pid 1060] brk(0x10093000) = 0x10093000
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 71, 0) = 71
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 57, 0) = 57
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 62, 0) = 62
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 63, 0) = 63
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 84, 0) = 84
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 82, 0) = 82
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] select(5, [3 4], [4], NULL, NULL) = 1 (out [4])
[pid 1060] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 1060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 1060] write(4,
"\305<Pu(\262\323\215x\24\262d;\206\264#[\277\301\330Z\376"..., 48) = 48
[pid 1060] select(5, [3 4], [], NULL, NULL) = 1 (in [4])
[pid 1060] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 1060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 1060] read(4,
"\231m\231+\7/`\236\10R\313\365\276Ne\303<\372\3625G\372"..., 16384) = 496
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 99, 0) = 99
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 79, 0) = 79
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 88, 0) = 88
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] open("/etc/passwd", O_RDONLY) = 6
[pid 1060] fcntl64(6, F_GETFD) = 0
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] fstat64(6, {st_mode=S_IFREG|0444, st_size=1386, ...}) = 0
[pid 1060] mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30019000
[pid 1060] _llseek(6, 0, [0], SEEK_CUR) = 0
[pid 1060] read(6, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1386
[pid 1060] close(6) = 0
[pid 1060] munmap(0x30019000, 4096) = 0
[pid 1060] stat64("/var/log/lastlog", 0x7fffeac0) = -1 ENOENT (No such file
or directory)
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<38>May 27 15:30:58 sshd[1060]: "..., 112, 0) = 112
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<38>May 27 15:30:58 sshd[1060]: "..., 94, 0) = 94
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 6
[pid 1060] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(6, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(6, "<39>May 27 15:30:58 sshd[1060]: "..., 55, 0) = 55
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(6) = 0
[pid 1060] open("/dev/ptmx", O_RDWR) = 6
[pid 1060] statfs("/dev/pts", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=1024,
f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0},
f_namelen=255}) = 0
[pid 1060] ioctl(6, TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid 1060] ioctl(6, TIOCGPTN, [10]) = 0
[pid 1060] stat64("/dev/pts/10", {st_mode=S_IFCHR|0622, st_rdev=makedev(136,
10), ...}) = 0
[pid 1060] statfs("/dev/pts/10", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=1024,
f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0},
f_namelen=255}) = 0
[pid 1060] ioctl(6, TIOCSPTLCK, [0]) = 0
[pid 1060] ioctl(6, TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid 1060] ioctl(6, TIOCGPTN, [10]) = 0
[pid 1060] stat64("/dev/pts/10", {st_mode=S_IFCHR|0622, st_rdev=makedev(136,
10), ...}) = 0
[pid 1060] open("/dev/pts/10", O_RDWR|O_NOCTTY) = 7
[pid 1060] ioctl(7, TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid 1060] readlink("/proc/self/fd/7", "/dev/pts/10", 4095) = 11
[pid 1060] brk(0x10094000) = 0x10094000
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<39>May 27 15:30:58 sshd[1060]: "..., 84, 0) = 84
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] ioctl(7, TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid 1060] ioctl(7, TCSETS, {B38400 opost isig icanon echo ...}) = 0
[pid 1060] open("/etc/nsswitch.conf", O_RDONLY) = -1 ENOENT (No such file or
directory)
[pid 1060] open("/etc/nsswitch.conf", O_RDONLY) = -1 ENOENT (No such file or
directory)
[pid 1060] open("/etc/group", O_RDONLY) = 8
[pid 1060] fcntl64(8, F_GETFD) = 0
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] fstat64(8, {st_mode=S_IFREG|0644, st_size=387, ...}) = 0
[pid 1060] mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30019000
[pid 1060] _llseek(8, 0, [0], SEEK_CUR) = 0
[pid 1060] read(8, "root::0:root\nbin::1:root,bin,dae"..., 4096) = 387
[pid 1060] close(8) = 0
[pid 1060] munmap(0x30019000, 4096) = 0
[pid 1060] stat64("/dev/pts/10", {st_mode=S_IFCHR|0622, st_rdev=makedev(136,
10), ...}) = 0
[pid 1060] chown("/dev/pts/10", 500, 5) = 0
[pid 1060] chmod("/dev/pts/10", 0620) = 0
[pid 1060] ioctl(6, TIOCSWINSZ, {ws_row=19, ws_col=99, ws_xpixel=0,
ws_ypixel=0}) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<39>May 27 15:30:58 sshd[1060]: "..., 99, 0) = 99
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<39>May 27 15:30:58 sshd[1060]: "..., 79, 0) = 79
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<39>May 27 15:30:58 sshd[1060]: "..., 88, 0) = 88
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] stat64("/usr/X11R6/bin/xauth", 0x7fffef10) = -1 ENOENT (No such
file or directory)
[pid 1060] write(4,
"\227\326!\207\300\204\324\271\r\341\2+\374\360\266\201"..., 96) = 96
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<39>May 27 15:30:58 sshd[1060]: "..., 97, 0) = 97
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<39>May 27 15:30:58 sshd[1060]: "..., 79, 0) = 79
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<39>May 27 15:30:58 sshd[1060]: "..., 86, 0) = 86
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<39>May 27 15:30:58 sshd[1060]: "..., 77, 0) = 77
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<39>May 27 15:30:58 sshd[1060]: "..., 69, 0) = 69
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] getuid() = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<34>May 27 15:30:58 sshd[1060]: "..., 76, 0) = 76
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<39>May 27 15:30:58 sshd[1060]: "..., 78, 0) = 78
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 8
[pid 1060] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(8, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(8, "<39>May 27 15:30:58 sshd[1060]: "..., 90, 0) = 90
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(8) = 0
[pid 1060] getuid() = 0
[pid 1060] chown("/dev/pts/10", 0, 0) = 0
[pid 1060] chmod("/dev/pts/10", 0666) = 0
[pid 1060] close(0) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 0
[pid 1060] fcntl64(0, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(0, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(0, "<39>May 27 15:30:58 sshd[1060]: "..., 71, 0) = 71
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(0) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 0
[pid 1060] fcntl64(0, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(0, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(0, "<39>May 27 15:30:58 sshd[1060]: "..., 84, 0) = 84
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(0) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 0
[pid 1060] fcntl64(0, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(0, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(0, "<39>May 27 15:30:58 sshd[1060]: "..., 71, 0) = 71
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(0) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 0
[pid 1060] fcntl64(0, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(0, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(0, "<39>May 27 15:30:58 sshd[1060]: "..., 52, 0) = 52
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(0) = 0
[pid 1060] munmap(0xfc0c000, 198012) = 0
[pid 1060] munmap(0xfbe9000, 74948) = 0
[pid 1060] munmap(0xfbbf000, 103352) = 0
[pid 1060] munmap(0xfb92000, 116108) = 0
[pid 1060] munmap(0xfb6d000, 85308) = 0
[pid 1060] munmap(0xfb4b000, 73264) = 0
[pid 1060] time([1085686258]) = 1085686258
[pid 1060] getpid() = 1060
[pid 1060] rt_sigaction(SIGPIPE, {0xfd56ebc, [], 0}, {SIG_IGN}, 8) = 0
[pid 1060] socket(PF_UNIX, SOCK_DGRAM, 0) = 0
[pid 1060] fcntl64(0, F_SETFD, FD_CLOEXEC) = 0
[pid 1060] connect(0, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
[pid 1060] send(0, "<39>May 27 15:30:58 sshd[1060]: "..., 71, 0) = 71
[pid 1060] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
[pid 1060] close(0) = 0
[pid 1060] shutdown(4, 2 /* send and receive */) = 0
[pid 1060] close(4) = 0
[pid 1060] exit(255) = ?
Process 1060 detached
<... select resumed> ) = -1 EINTR (Interrupted system call)
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 255], WNOHANG, NULL) = 1060
wait4(-1, 0x7ffff224, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigaction(SIGCHLD, NULL, {0x10004834, [], 0}, 8) = 0
select(6, [3], NULL, NULL, NULL
PAM Config file
===========
auth required /lib/security/pam_unix.so shadow nodelay
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_unix.so shadow nullok use_authtok
session required /lib/security/pam_unix.so
session required /lib/security/pam_limits.so
"Eric Caron" <ericc...@yahoo.com> wrote in message
news:c95jaa$384$1...@zcars0v6.ca.nortel.com...
>
> I changed the UsePrivilegeSeparation no but there was no difference.
>
> I haven't upgraded the openSSH to 3.8 but I don't think it would solve the
> problem. The same load works on a different system. Seems to be specific
> to this system.
>
> I tried several things.
>
> - Changed permissions on system files like /etc/group /etc/passwd
> /etc/shadow but no luck.
>
> I removed the password for the user account that I am using in the
> /etc/passwd file. I was able to ssh in after entering a bogus password 4
> times. (Not really useful)
>
> I collected a bunch of logs.
>
> I started sshd with the debug option and reproduced the problem. The logs
> confirm that do_pam_setcred function calls pam_setcred that returns a PAM
> permission denied error. I can't figure out on what permissions are
denied
> ???
>
> I also started sshd using the system trace tool and reproduced the
problem.
> I can see that ssh is reading the /etc/passwd file.
>
> I attached the log files.
>
> I am wondering where the user credentials are going.
>
> I also attached my sshd pam config file.
>
>
> Any help interpreting theses logs would be appreciated.
> Eric
>
>
> "Darren Tucker" <dtu...@dodgy.net.au> wrote in message
> news:c94382$gh4$1...@gate.dodgy.net.au...
Darren Tucker
I had a look and nothing obvious jumped out at me. All I can
suggest is to try 3.8.1p1 and if that doesn't work, open a bug at
bugzilla.mindrot.org.