Suggestion: SSHD pseudo/fake mode. Source available.

Darren Tucker dtucker at zip.com.au
Sun Feb 27 23:51:57 EST 2005


Daniel Kastenholz wrote:
> Hope this helps.

Thanks.  It does, I think.

What can you tell me about the host?  It doesn't happen to be a recent 
Linux (with glibc-2.3.x), does it?

> Failed keyboard-interactive for illegal user root from ::ffff:127.0.0.1 
> port 32772 ssh2
> Connection closed by ::ffff:127.0.0.1
> debug1: Calling cleanup 0x8066f50(0x0)
> debug1: PAM: cleanup
> debug1: Calling cleanup 0x80733b0(0x0)

I can reproduce it on my FC3 box.  In my case, it appears to be because 
getnameinfo() does some dlopen tricks which don't work in a chroot, and it 
actually blows up deep inside glibc.

If this all applies to you, you can confirm this is the cause by doing:

# cp -a /lib /var/empty

(or wherever you configured the sshd privsep dir to be) and repeating the 
test.  This is not a good long-term solution, though.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list