Suggestion: SSHD pseudo/fake mode. Source available.

[Daniel Kastenholz]

It's a Suse 9.0 system; not the latest distribution, admittedly, but up 
to date as for the patches.

# rpm -qa | grep glibc
glibc-devel-2.3.2-87
glibc-2.3.2-88
glibc-locale-2.3.2-87
glibc-info-2.3.2-97

# cat /proc/sys/kernel/osrelease
2.4.21-273-default

# rpm -qa | grep pam
pam-modules-9.0-5
yast2-pam-2.8.5-65
pam-0.77-129


Darren Tucker schrieb:

> Daniel Kastenholz wrote:
>
>> Hope this helps.
>
>
> Thanks.  It does, I think.
>
> What can you tell me about the host?  It doesn't happen to be a recent 
> Linux (with glibc-2.3.x), does it?
>
>> Failed keyboard-interactive for illegal user root from 
>> ::ffff:127.0.0.1 port 32772 ssh2
>> Connection closed by ::ffff:127.0.0.1
>> debug1: Calling cleanup 0x8066f50(0x0)
>> debug1: PAM: cleanup
>> debug1: Calling cleanup 0x80733b0(0x0)
>
>
> I can reproduce it on my FC3 box.  In my case, it appears to be 
> because getnameinfo() does some dlopen tricks which don't work in a 
> chroot, and it actually blows up deep inside glibc.
>
> If this all applies to you, you can confirm this is the cause by doing:
>
> # cp -a /lib /var/empty
>
> (or wherever you configured the sshd privsep dir to be) and repeating 
> the test.  This is not a good long-term solution, though.
>