| View previous topic :: View next topic |
| Author |
Message |
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1611
Location: PB, Germany
|
 Posted: Mon Mar 02, 2015 12:45 pm Post subject: [SOLVED] pam_mount failing via ssh: Conversation error_ |
 |
|
Recently I merged the latest pambase updates into my system-auth with pam_mount setting. Things began to fail like xdm and now ssh login:
| Code: | | Mon Feb 16 11:45:29 2015 >>> sys-auth/pambase-20150213 |
Now I have this merged result of the system-auth: | Code: | auth required pam_env.so
auth optional pam_mount.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
account required pam_unix.so
account optional pam_permit.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so
session optional pam_mount.so |
Now I've seen ssh login does not work anymore: | Code: | Mar 02 13:35:31 [sshd] (pam_mount.c:522): mount of /dev/disk/by-uuid/91fc8930-02d1-449e-b645-648325004e6e failed_
Mar 02 13:35:31 [sshd] (pam_mount.c:173): conv->conv(...): Conversation error_
Mar 02 13:35:31 [sshd] (pam_mount.c:477): warning: could not obtain password interactively either_
Mar 02 13:35:31 [sshd] SSH: Server;Ltype: Kex;Remote: 192.168.42.106-35194;Enc: aes128-ctr;MAC: umac-64-etm@openssh.com;Comp: none
Mar 02 13:39:41 [1squashmount_flush] squashmount flush finished.
Mar 02 13:39:41 [fcron] Job run-parts /etc/cron.hourly terminated (exit status: 1) |
Maybe these issues are related? What is wrong with that system-auth?
I even thought if I would need pam at all, but I guess using pam_mount I can't get around without pam?
As pam has changed in the years, is this old 2007 post still valid? linuxquestions.org...pam_mount-problems-in-ssh-on-gentoo-553741/..
Best regards,
Massimo
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|amd64-prefix:OpenSuse|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770
Lila-Theme
Last edited by Massimo B. on Thu Oct 08, 2015 8:47 am; edited 1 time in total |
|
| Back to top |
|
 |
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1611
Location: PB, Germany
|
| Posted: Wed Oct 07, 2015 6:37 am Post subject: |
|
|
Again encountering this issue, I find my own posts in the net, unanswered...
My current setup, working for local logins but pam_mount failing for ssh logins:
| /etc/pam.d/sshd: | auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login
|
| /etc/pam.d/system-remote-login: | auth include system-login
account include system-login
password include system-login
session include system-login
|
| /etc/pam.d/system-login: |
auth required pam_tally2.so onerr=succeed
auth required pam_shells.so
auth required pam_nologin.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
account required pam_tally2.so onerr=succeed
password include system-auth
session optional pam_loginuid.so
session required pam_env.so
session optional pam_lastlog.so silent
session include system-auth
session optional pam_ck_connector.so nox11
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so
|
| /etc/pam.d/system-auth: |
auth required pam_env.so
auth optional pam_mount.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
account required pam_unix.so
account optional pam_permit.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so
session optional pam_mount.so
|
| Code: | Oct 07 08:15:36 [sshd] Accepted publickey for massimo from 94.... port 37063 ssh2: RSA SHA256:QXc...
Oct 07 08:15:36 [sshd] pam_unix(sshd:session): session opened for user massimo by (uid=0)
Oct 07 08:15:36 [sshd] (pam_mount.c:173): conv->conv(...): Conversation error_
Oct 07 08:15:36 [sshd] (pam_mount.c:477): warning: could not obtain password interactively either_
Oct 07 08:15:38 [sshd] (mount.c:68): Messages from underlying mount program:_
Oct 07 08:15:38 [sshd] (mount.c:72): crypt_activate_by_passphrase: Operation not permitted_
Oct 07 08:15:38 [sshd] (pam_mount.c:522): mount of /dev/disk/by-uuid/cfd4... failed_
|
Any idea?
As for the linuxquestions links above, my includes are quite right, doing the same auths as the local login. And Kerberos I don't use afaik.
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|amd64-prefix:OpenSuse|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770
Lila-Theme |
|
| Back to top |
|
|
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1611
Location: PB, Germany
|
| Posted: Wed Oct 07, 2015 6:58 am Post subject: |
|
|
Correction, I was using login by key, but also deleting the key on the target and entering pam_mount password, the log looks like this:
| Code: |
Oct 07 09:09:12 [sshd] Accepted keyboard-interactive/pam for massimo from 94... port 37277 ssh2
Oct 07 09:09:12 [sshd] pam_unix(sshd:session): session opened for user massimo by (uid=0)
Oct 07 09:09:12 [sshd] (pam_mount.c:173): conv->conv(...): Conversation error_
Oct 07 09:09:12 [sshd] (pam_mount.c:477): warning: could not obtain password interactively either_
Oct 07 09:09:14 [sshd] (mount.c:68): Messages from underlying mount program:_
Oct 07 09:09:14 [sshd] (mount.c:72): crypt_activate_by_passphrase: Operation not permitted_
Oct 07 09:09:14 [sshd] (pam_mount.c:522): mount of /dev/disk/by-uuid/cfd... failed_
Oct 07 09:09:16 [kernel] sdb: unknown partition table
|
Login remote as user via SSH: $HOME is not mounted
su - to root and su - back to my user makes the $HOME mounted as real local logins.
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|amd64-prefix:OpenSuse|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770
Lila-Theme |
|
| Back to top |
|
|
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1611
Location: PB, Germany
|
| Posted: Thu Oct 08, 2015 8:46 am Post subject: |
|
|
Working now with
| /etc/ssh/sshd_config: | | ChallengeResponseAuthentication no |
What does this "challenge-response authentication" mean for sshd any why does it forward the password to pam_mount only with that disabled?
EDIT: Answered in ../pam-mount/../bugs.txt
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|amd64-prefix:OpenSuse|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770
Lila-Theme |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
