SSHD creates defunct process
Darren Tucker
dtucker at zip.com.au
Wed May 11 13:59:56 EST 2005
Peter Stuge wrote:
> On Wed, May 11, 2005 at 12:17:34AM +0530, Chidanand Gangur wrote:
>>When started with strace SSHD waits in select loop.
>
> Ok, so you're on Linux.
> Try strace -fF sshd -D
Be aware that strace on Linux will change some of the behaviour of the
parent/child relationships, so while it may help it's not an ideal
diagnostic.
[and from the original posting]
>> PAM [dlerror: /lib/security/$ISA/pam_deny.so: cannot open shared
>>object file: No such file or directory]
It looks like you are missing the pam_deny.so file, or the path is wrong
in /etc/pam.d/system-auth.
>>I have placed various log messages in sshd source code .what I can
>>see is after calling do_pam_converse function from do_pam_account
>>function sshd does nothing. that is creates zombie.
>
> Hm, I'm not too familiar with the workings of the PAM but perhaps the
> trace output could help nail the problem down.
There's a bug in some versions of LinuxPAM that prevents an app from
changing of the conversation function. It's possible that PAM is
calling the wrong conversation function:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126985
I wrote a tool for figuring out what PAM is doing underneath the covers,
based in part on sshd's PAM interface code.
It's available here:
http://www.zip.com.au/~dtucker/patches/pam-test-harness.c
The documentation, such as it is, is here:
http://www.zip.com.au/~dtucker/patches/#pamtest
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list