Am 14.02.2014 14:32, schrieb Daniel P. Berrange:
On Fri, Feb 14, 2014 at 02:17:24PM +0100, Tom Kuther wrote:
> Am 14.02.2014 13:42, schrieb Stephan Sachse:
>> set LogLevel to DEBUG3. keyexchange is down. put then hangs for some
>> time und sshd dies
>>
>> sshd[269]: debug1: KEX done [preauth]
>> sshd[269]: debug1: userauth-request for user root service
>> ssh-connection method none [preauth]
>> sshd[269]: debug1: attempt 0 failures 0 [preauth]
>> sshd[269]: debug3: mm_getpwnamallow entering [preauth]
>> sshd[269]: debug3: mm_request_send entering: type 8 [preauth]
>> sshd[269]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
>> sshd[269]: debug3: mm_request_receive_expect entering: type 9 [preauth]
>> sshd[269]: debug3: mm_request_receive entering [preauth]
>> sshd[269]: debug3: mm_request_receive entering
>> sshd[269]: debug3: monitor_read: checking request 8
>> sshd[269]: debug3: mm_answer_pwnamallow
>> sshd[269]: debug3: Trying to reverse map address 10.1.25.151.
>> systemd[1]: Received SIGCHLD from PID 270 (sshd).
>> systemd[1]: Got SIGCHLD for process 270 (sshd)
>> systemd[1]: Child 270 died (code=killed, status=15/TERM)
>>
>>> Also keep in mind that running a compete distro within LXC + user namespaces
requires
>>> some changes. Like disabling pam_loginuid.so in pam.
>>> For systemd distros you have to remove OOMScoreAdjust= and
CapabilityBoundingSet= from all units...
>>
>> yes, i know. i have no errors from systemd, all looks fine with "exec
>> /sbin/init systemd.log_level=debug"
>>
>> /stephan
>>
>
> I have the same problem on a slightly different setup. Both host and
> guest are Archlinux with systemd-208, libvirt-git with the chown() patches.
>
> LXC Console login works fine (and I do not have such issues with messed
> up console), but login via SSH fails with the exact same symptoms.
Most likely is the pam_loginuid module denying access. Sadly I find
debugging PAM a complete pain - if anyone knows how to make it spew
logs for each module executed and then accept/reject state, that'd
be awesome for troubleshooting this.
Daniel
I have that disabled. As I wrote in the other mail, it seems to be a
funny DNS lookup problem. Setting UseDNS=no in sshd_config fixes it.
But there is a more general problem with local LAN DNS lookup. I do have
set the router's DNS server in /etc/resolv.conf, yet I cannot reach any
clients on the LAN using their lan hostname.domainname - this works fine
when not using user namespace. Using their IP works, Internet DNS lookup
works, too.
Interface type for the container is bridge via the hosts's br0.
No idea if this could be a libvirt, kernel or systemd problem.
~tom