Massimo B. Veteran
Joined: 09 Feb 2005 Posts: 1759 Location: PB, Germany
|
Posted: Mon Mar 02, 2015 12:45 pm Post subject: [SOLVED] pam_mount failing via ssh: Conversation error_ |
|
|
Recently I merged the latest pambase updates into my system-auth with pam_mount setting. Things began to fail like xdm and now ssh login:
Code: | Mon Feb 16 11:45:29 2015 >>> sys-auth/pambase-20150213 |
Now I have this merged result of the system-auth:
Code: | auth required pam_env.so
auth optional pam_mount.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
account required pam_unix.so
account optional pam_permit.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so
session optional pam_mount.so |
Now I've seen ssh login does not work anymore:
Code: | Mar 02 13:35:31 [sshd] (pam_mount.c:522): mount of /dev/disk/by-uuid/91fc8930-02d1-449e-b645-648325004e6e failed_
Mar 02 13:35:31 [sshd] (pam_mount.c:173): conv->conv(...): Conversation error_
Mar 02 13:35:31 [sshd] (pam_mount.c:477): warning: could not obtain password interactively either_
Mar 02 13:35:31 [sshd] SSH: Server;Ltype: Kex;Remote: 192.168.42.106-35194;Enc: aes128-ctr;MAC: umac-64-etm@openssh.com;Comp: none
Mar 02 13:39:41 [1squashmount_flush] squashmount flush finished.
Mar 02 13:39:41 [fcron] Job run-parts /etc/cron.hourly terminated (exit status: 1) |
Maybe these issues are related? What is wrong with that system-auth?
I even thought if I would need pam at all, but I guess using pam_mount I can't get around without pam?
As pam has changed in the years, is this old 2007 post still valid? linuxquestions.org...pam_mount-problems-in-ssh-on-gentoo-553741/..
Best regards,
Massimo _________________ HP ZBook Power 15.6" G8 i7-11800H|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770
Last edited by Massimo B. on Thu Oct 08, 2015 8:47 am; edited 1 time in total |
Massimo B. Veteran
Joined: 09 Feb 2005 Posts: 1759 Location: PB, Germany
|
Posted: Wed Oct 07, 2015 6:37 am Post subject: |
|
|
Again encountering this issue, I find my own posts in the net, unanswered...
My current setup, working for local logins but pam_mount failing for ssh logins:
/etc/pam.d/sshd: | auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login
|
/etc/pam.d/system-remote-login: | auth include system-login
account include system-login
password include system-login
session include system-login
|
/etc/pam.d/system-login: |
auth required pam_tally2.so onerr=succeed
auth required pam_shells.so
auth required pam_nologin.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
account required pam_tally2.so onerr=succeed
password include system-auth
session optional pam_loginuid.so
session required pam_env.so
session optional pam_lastlog.so silent
session include system-auth
session optional pam_ck_connector.so nox11
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so
|
/etc/pam.d/system-auth: |
auth required pam_env.so
auth optional pam_mount.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
account required pam_unix.so
account optional pam_permit.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so
session optional pam_mount.so
|
Code: | Oct 07 08:15:36 [sshd] Accepted publickey for massimo from 94.... port 37063 ssh2: RSA SHA256:QXc...
Oct 07 08:15:36 [sshd] pam_unix(sshd:session): session opened for user massimo by (uid=0)
Oct 07 08:15:36 [sshd] (pam_mount.c:173): conv->conv(...): Conversation error_
Oct 07 08:15:36 [sshd] (pam_mount.c:477): warning: could not obtain password interactively either_
Oct 07 08:15:38 [sshd] (mount.c:68): Messages from underlying mount program:_
Oct 07 08:15:38 [sshd] (mount.c:72): crypt_activate_by_passphrase: Operation not permitted_
Oct 07 08:15:38 [sshd] (pam_mount.c:522): mount of /dev/disk/by-uuid/cfd4... failed_
|
Any idea?
As for the linuxquestions links above, my includes are quite right, doing the same auths as the local login. And Kerberos I don't use afaik.
Massimo B. Veteran
Joined: 09 Feb 2005 Posts: 1759 Location: PB, Germany
|
Posted: Wed Oct 07, 2015 6:58 am Post subject: |
|
|
Correction, I was using login by key, but also deleting the key on the target and entering pam_mount password, the log looks like this:
Code: |
Oct 07 09:09:12 [sshd] Accepted keyboard-interactive/pam for massimo from 94... port 37277 ssh2
Oct 07 09:09:12 [sshd] pam_unix(sshd:session): session opened for user massimo by (uid=0)
Oct 07 09:09:12 [sshd] (pam_mount.c:173): conv->conv(...): Conversation error_
Oct 07 09:09:12 [sshd] (pam_mount.c:477): warning: could not obtain password interactively either_
Oct 07 09:09:14 [sshd] (mount.c:68): Messages from underlying mount program:_
Oct 07 09:09:14 [sshd] (mount.c:72): crypt_activate_by_passphrase: Operation not permitted_
Oct 07 09:09:14 [sshd] (pam_mount.c:522): mount of /dev/disk/by-uuid/cfd... failed_
Oct 07 09:09:16 [kernel] sdb: unknown partition table
|
Login remote as user via SSH: $HOME is not mounted
su - to root and su - back to my user makes the $HOME mounted as real local logins.
Massimo B. Veteran
Joined: 09 Feb 2005 Posts: 1759 Location: PB, Germany
|
Posted: Thu Oct 08, 2015 8:46 am Post subject: |
|
|
Working now with
/etc/ssh/sshd_config: | ChallengeResponseAuthentication no |
What does this "challenge-response authentication" mean for sshd and why does it forward the password to pam_mount only with that disabled?
EDIT: Answered in ../pam-mount/../bugs.txt
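A log triage sketch for the failure pattern in this thread, added here as an example and not part of the original posts: it pairs each sshd "Accepted <method>" line with the pam_mount errors that follow it, so key logins and keyboard-interactive logins can be told apart. The user name, address and UUID placeholder are constructed, and it assumes the PID-less log format quoted above, where a login's lines appear in sequence.

```python
import re

# Constructed sample in the format of the sshd/pam_mount lines quoted in the thread
# (192.0.2.10 is a documentation address, "alice" and EXAMPLE are placeholders).
SAMPLE_LOG = """\
Oct 07 08:15:36 [sshd] Accepted publickey for alice from 192.0.2.10 port 37063 ssh2: RSA SHA256:EXAMPLE
Oct 07 08:15:36 [sshd] (pam_mount.c:173): conv->conv(...): Conversation error_
Oct 07 08:15:38 [sshd] (pam_mount.c:522): mount of /dev/disk/by-uuid/EXAMPLE failed_
Oct 07 09:09:12 [sshd] Accepted keyboard-interactive/pam for alice from 192.0.2.10 port 37277 ssh2
Oct 07 09:09:12 [sshd] (pam_mount.c:173): conv->conv(...): Conversation error_
Oct 07 09:09:14 [sshd] (pam_mount.c:522): mount of /dev/disk/by-uuid/EXAMPLE failed_
Oct 08 10:00:01 [sshd] Accepted password for alice from 192.0.2.10 port 40000 ssh2
"""

ACCEPTED = re.compile(r"\[sshd\] Accepted (\S+) for (\S+) from")
CONV_ERR = re.compile(r"\[sshd\] \(pam_mount\.c:\d+\): conv->conv\(\.\.\.\): Conversation error")
MOUNT_FAIL = re.compile(r"\[sshd\] \(pam_mount\.c:\d+\): mount of (\S+) failed")

HINTS = {
    # sshd does not run the PAM auth stack for key logins, so pam_mount has no password.
    "publickey": "key login: no password was entered that pam_mount could use",
    # The case the thread resolved by changing sshd_config.
    "keyboard-interactive/pam": "password typed but not handed to pam_mount; "
                                "thread's fix: ChallengeResponseAuthentication no",
}

def triage(log_text):
    """Return one dict per accepted SSH login with the pam_mount outcome that followed."""
    logins = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            logins.append({"method": m.group(1), "user": m.group(2),
                           "conv_error": False, "failed_mounts": [], "hint": None})
            continue
        if not logins:
            continue  # pam_mount line with no preceding login in this excerpt
        cur = logins[-1]
        if CONV_ERR.search(line):
            cur["conv_error"] = True
        m = MOUNT_FAIL.search(line)
        if m:
            cur["failed_mounts"].append(m.group(1))
        if cur["conv_error"] or cur["failed_mounts"]:
            cur["hint"] = HINTS.get(cur["method"], "check the auth stack for this method")
    return logins

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["user"], e["method"], e["failed_mounts"], e["hint"])
```

On a host whose syslog format includes the sshd PID, grouping by PID instead of line order avoids mixing up concurrent logins.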