On Fri, Feb 14, 2014 at 02:17:24PM +0100, Tom Kuther wrote:
Am 14.02.2014 13:42, schrieb Stephan Sachse:
set LogLevel to DEBUG3. keyexchange is down. put then hangs for some time und sshd dies
sshd[269]: debug1: KEX done [preauth] sshd[269]: debug1: userauth-request for user root service ssh-connection method none [preauth] sshd[269]: debug1: attempt 0 failures 0 [preauth] sshd[269]: debug3: mm_getpwnamallow entering [preauth] sshd[269]: debug3: mm_request_send entering: type 8 [preauth] sshd[269]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] sshd[269]: debug3: mm_request_receive_expect entering: type 9 [preauth] sshd[269]: debug3: mm_request_receive entering [preauth] sshd[269]: debug3: mm_request_receive entering sshd[269]: debug3: monitor_read: checking request 8 sshd[269]: debug3: mm_answer_pwnamallow sshd[269]: debug3: Trying to reverse map address 10.1.25.151. systemd[1]: Received SIGCHLD from PID 270 (sshd). systemd[1]: Got SIGCHLD for process 270 (sshd) systemd[1]: Child 270 died (code=killed, status=15/TERM)
Also keep in mind that running a compete distro within LXC + user namespaces requires some changes. Like disabling pam_loginuid.so in pam. For systemd distros you have to remove OOMScoreAdjust= and CapabilityBoundingSet= from all units...
yes, i know. i have no errors from systemd, all looks fine with "exec /sbin/init systemd.log_level=debug"
/stephan
I have the same problem on a slightly different setup. Both host and guest are Archlinux with systemd-208, libvirt-git with the chown() patches.
LXC Console login works fine (and I do not have such issues with messed up console), but login via SSH fails with the exact same symptoms.
Most likely is the pam_loginuid module denying access. Sadly I find debugging PAM a complete pain - if anyone knows how to make it spew logs for each module executed and then accept/reject state, that'd be awesome for troubleshooting this. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|