FS#61305 - [pambase] 20190105.1-1: ssh login denied (pam_open_session(): Cannot make/remove an entry for the sp
Attached to Project:
Arch Linux
Opened by Christoph Fink (peippo) - Tuesday, 08 January 2019, 12:57 GMT
Last edited by Dave Reisner (falconindy) - Tuesday, 08 January 2019, 18:46 GMT
Opened by Christoph Fink (peippo) - Tuesday, 08 January 2019, 12:57 GMT
Last edited by Dave Reisner (falconindy) - Tuesday, 08 January 2019, 18:46 GMT
|
Details
Description:
After the update of pambase to 20190105.1-1 I cannot login via ssh (which previously worked) journalctl -u sshd shows the following error: pam_warn(sshd:session): function=[pam_sm_open_session] flags=0 service=[sshd] terminal=[ssh] user=[RETRACTED] ruser=[<unknown>] rhost=[RETRACTED] error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session If I revert /etc/pam.d/other to its 20171006-1 version (pam_unix.so instead of pam_deny.so and pam_warn.so), ssh login works as expected Additional info: pambase-20190105.1-1 pam-1.3.1-1 openssh 7.9p1-1 machine is a KVM guest Steps to reproduce: Update pambase, try to login via ssh |
This task depends upon
Closed by Dave Reisner (falconindy)
Tuesday, 08 January 2019, 18:46 GMT
Reason for closing: Not a bug
Additional comments about closing: user configuration error
Tuesday, 08 January 2019, 18:46 GMT
Reason for closing: Not a bug
Additional comments about closing: user configuration error
#session required pam_deny.so
#session required pam_warn.so
and adding
session required pam_unix.so
is a working work around
I do now understand how other is supposed to deny access. I am using openssh from core, in version 7.9p1-1, and reinstalling the package did not change the behaviour.
I found now to my own surprise, though, that the session line in /etc/pam.d/sshd was commented out. This solved the issue completely, thanks for your help!