OpenSSH-1.2.3: More info on ulimit problem

Mate Wierdl mw at moni.msci.memphis.edu
Fri Mar 31 03:26:59 EST 2000 

On Thu, Mar 30, 2000 at 06:23:57AM -0500, Jim Knoble wrote:
> På 2000-Mar-29 klokka 01:26:32 -0500 skrivet Jim Knoble:
> 
> : The ulimit problem appears to have reared its head again with
> : openssh-1.2.3, under Red Hat Linux 6.1 (kernel-2.2.12, glibc-2.1.2,
> : egcs-1.1.2, openssl-0.9.5, pam-0.68, pwdb-0.60):
> 
>   [...]
> 
> :   $ ssh localhost
> :   Last login: Wed Mar 29 01:10:36 2000 from quipu.earth
> :   You have mail.
> :   ulimit: cannot raise limit: Operation not permitted
> :   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Further info:  openssh-1.2.3 appears to be ignoring /etc/pam.d/sshd.
> The following pam file ought not to allow me to login via ssh:
> 
>   #%PAM-1.0
>   auth       required     /lib/security/pam_deny.so
>   account    required     /lib/security/pam_deny.so
>   password   required     /lib/security/pam_deny.so
>   session    required     /lib/security/pam_deny.so
> 
> Yet, i can still log in as though nothing were wrong.  sshd appears to
> be linked against the PAM libs:
> 
> # ldd /usr/sbin/sshd
>         libdl.so.2 => /lib/libdl.so.2 (0x40018000)
>         libnsl.so.1 => /lib/libnsl.so.1 (0x4001c000)
>         libz.so.1 => /usr/lib/libz.so.1 (0x40032000)
>         libutil.so.1 => /lib/libutil.so.1 (0x40041000)
>         libpam.so.0 => /lib/libpam.so.0 (0x40044000)
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>         libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0x4004c000)
>         libc.so.6 => /lib/libc.so.6 (0x400fd000)
>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
> 
> And i'm certain i didn't build with '--without-pam':
> 
>   $ grep -B 2 -A 7 '\./configure' openssh.jmk.spec
>   %build
>   CFLAGS="${RPM_OPT_FLAGS}" \
>     ./configure \
>       --prefix="%{Prefix}" \
>       --sysconfdir="%{EtcDir}" \
>       --with-ipv4-default \
>       --with-tcp-wrappers \
>       --with-default-path="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
>   
>   make
> 
> I'm mystified.  Damien, can you confirm whether anything similar to
> this is happening for you under RHL-6.1?
> 

I am running rh 6.2beta and 6.1, and all is well with pam.  When I
tried your sshd pam file, I could not log in.

I am using the official rpms:

rpm -q openss{h,l}
openssh-1.2.3-1
openssl-0.9.4-3


But of course, I can verify the ulimit stuff.

Mate

More information about the openssh-unix-dev mailing list