Possible SSH PAM PTY allocation issue


I have a Linux Ubuntu server hosted on Amazon EC2. There are around 3000+ Linux users created on the system, with user IDs user_1, user_2 and so on.

Surprisingly, users up to user_2685 are able to log in via SSH to the server, but not beyond that.

I have changed LogLevel to DEBUG3 in /etc/ssh/sshd_config. Pasting the relevant content.

  1. Relevant dump when a user fails to log in - http://pastebin.com/ns2jc8vg

    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18879]: debug1: allocating pty.
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18879]: debug3: mm_request_send entering: type 26
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18879]: debug3: mm_pty_allocate: waiting monitor_ans_pty
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18879]: debug3: mm_request_receive_expect entering: type 27
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18879]: debug3: mm_request_receive entering
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18802]: debug3: mm_request_receive entering
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18802]: debug3: monitor_read: checking request 26
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18802]: debug3: mm_answer_pty entering
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18802]: debug2: session_new: allocate (allocated 0 max 10)
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18802]: debug3: session_unused: session id 0 unused
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18802]: debug1: session_new: session 0
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18802]: debug1: selinux support disabled
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18879]: debug1: do_cleanup
    apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18879]: debug3: pam: sshpam_thread_cleanup entering

  2. Relevant dump when a user logs in - http://pastebin.com/vuxnpdsr

    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug1: allocating pty.
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug3: mm_request_send entering: type 26
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug3: mm_pty_allocate: waiting monitor_ans_pty
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug3: mm_request_receive_expect entering: type 27
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug3: mm_request_receive entering
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18880]: debug3: mm_request_receive entering
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18880]: debug3: monitor_read: checking request 26
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18880]: debug3: mm_answer_pty entering
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18880]: debug2: session_new: allocate (allocated 0 max 10)
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18880]: debug3: session_unused: session id 0 unused
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18880]: debug1: session_new: session 0
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18880]: debug1: selinux support disabled
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18880]: debug3: mm_request_send entering: type 27
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18880]: debug3: mm_answer_pty: tty /dev/pts/37 ptyfd 4
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug1: session_pty_req: session 0 alloc /dev/pts/37
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug1: ignoring unsupported tty mode opcode 11 (0xb)
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug1: ignoring unsupported tty mode opcode 17 (0x11)
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug1: server_input_channel_req: channel 0 request shell reply 1
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug1: session_by_channel: session 0 channel 0
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug1: session_input_channel_req: session 0 req shell
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug2: fd 3 setting tcp_nodelay
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug2: channel 0: rfd 9 isatty
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug2: fd 9 setting o_nonblock
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug3: fd 7 o_nonblock
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18958]: debug1: setting controlling tty using tiocsctty.
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18958]: debug3: copy environment: path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
    apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18958]: debug3: copy environment: lang=en_us.utf-8
    apr 18 10:20:07 domu-12-31-39-01-86-0c jk_chrootsh[18958]: entering jail /opt/users-rails-apps user user_1 (1001) arguments

Update 1:

The above dumps are from /var/log/auth.log on the server. Below are the dumps on the client. Putting the relevant part of the dump that differs.

Successful login

    debug2: channel 0: request shell confirm 1
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: pty allocation request accepted on channel 0
    debug2: channel 0: rcvd adjust 2097152
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: shell request accepted on channel 0

Unsuccessful login

    debug2: channel 0: request shell confirm 1
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug1: channel 0: free: client-session, nchannels 1
    debug3: channel 0: status: following connections open:
      #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)

    connection www.codelearn.org closed remote host.
    connection www.codelearn.org closed.
    transferred: sent 2488, received 1472 bytes, in 0.8 seconds
    bytes per second: sent 3043.4, received 1800.6
    debug1: exit status -1

OS: Ubuntu Precise 12.04

OpenSSH server: OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012

SSH client: it does not matter; I have tried Ubuntu and Mac and the behavior is the same.

Update 2:

BTW, it is not a problem with PAM as such: I can su user_3000 and the new user logs in and gets a PTY too.

Also, doing ssh without asking for a PTY, ssh -T user_3000@www.codelearn.org, logs the user in. It stops post login and no prompt appears, because no prompt was asked for in the first place.

Have you checked sshd_config to ensure no maxing-out issues are occurring?

Look out for ClientAliveCountMax, MaxSessions and MaxStartups.

Specifically MaxSessions, since the unsuccessful login message lists a bunch of open connections for some reason. Increase the number and check the behavior.

You can read more here - http://www.manpagez.com/man/5/sshd_config/
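The two server-side dumps differ at one point: in the failing login the monitor process logs `mm_answer_pty entering` but never logs the `mm_answer_pty: tty ...` line that names the allocated device. The following is an added example, not code from the original post, that scans DEBUG3 sshd output for that pattern; the function names are hypothetical and the sample lines are abridged from the dumps above.

```python
import re

# Sample input abridged from the two auth.log dumps quoted in the question.
SAMPLE_LOG = """\
apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18879]: debug1: allocating pty.
apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18879]: debug3: mm_request_send entering: type 26
apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18802]: debug3: mm_answer_pty entering
apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18802]: debug1: session_new: session 0
apr 18 10:18:00 domu-12-31-39-01-86-0c sshd[18879]: debug1: do_cleanup
apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug1: allocating pty.
apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18880]: debug3: mm_answer_pty entering
apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18880]: debug3: mm_answer_pty: tty /dev/pts/37 ptyfd 4
apr 18 10:20:07 domu-12-31-39-01-86-0c sshd[18957]: debug1: session_pty_req: session 0 alloc /dev/pts/37
"""

# "sshd[PID]: debugN: message" as it appears in auth.log at LogLevel DEBUG3.
LINE = re.compile(r"sshd\[(\d+)\]: debug\d: (.*)$", re.IGNORECASE)
# Logged by the monitor only when it hands a pty back to the session process.
TTY = re.compile(r"mm_answer_pty: tty (\S+)", re.IGNORECASE)


def pty_outcomes(log_text):
    """Map each monitor PID that handled a pty request to the tty it
    allocated, or to None if it never reported one."""
    outcomes = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an sshd debug line
        pid, msg = int(m.group(1)), m.group(2).strip()
        if msg.lower() == "mm_answer_pty entering":
            outcomes[pid] = None  # request seen, answer still pending
        else:
            t = TTY.match(msg)
            if t and pid in outcomes:
                outcomes[pid] = t.group(1)
    return outcomes


def failed_pty_requests(log_text):
    """Monitor PIDs whose pty request was never answered with a tty."""
    return sorted(p for p, tty in pty_outcomes(log_text).items() if tty is None)


if __name__ == "__main__":
    for pid, tty in pty_outcomes(SAMPLE_LOG).items():
        print(pid, tty or "pty request never answered")
```
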

