Objective
=========
Getting sshd to run on an embedded computer.
Behavior
========
sshd hangs up right away if trying to connect:
tilman # ssh -l root 192.168.1.49
Connection closed by 192.168.1.49
Questions:
=========
a) What do I need to do to get it running? I suspect it is related to the key generation which I ran on the host -- and not on the target system (embedded box).
b) Is there documentation available to (cross-)compile it and install it manually from scratch? I guess I would need to compile libc as well which I remember as being pretty nasty -- I don't recall whether I succeeded or gave up :-)
Setup on the embedded computer
==============================
a) Kernel 2.6.24 (booted via tftp)
b) RootFS via nfs
c) Applications (on nfs):
1) Busybox
2) sshd
3) nothing else (no other applications)
sshd details:
=============
a) I manually copied sshd, needed libraries, and config files from my gentoo host (kernel 2.6.18-gentoo) to the nfs share later on mounted by the embedded box as rootfs. That avoided recompilation.
lib:
ld-2.4.so
libc-2.4.so
libcrypt-2.4.so
libdl-2.4.so
libm-2.4.so
libnsl-2.4.so
libpam.so.0.78
libresolv-2.4.so
libutil-2.4.so
libwrap.so.0.7.6
libz.so.1.2.3
b) I generated the keys with ssh-keygen on the host and copied them into etc/ssh
ssh-keygen -t rsa1 -b 1024 -f ssh_host_key
ssh-keygen -t rsa -b1024 -f ssh_host_rsa_key
ssh-keygen -t dsa -f ssh_host_dsa_key
c) I copied config files from the etc directory and modified them as needed:
1) nsswitch.conf
passwd: compat
shadow: compat
group: compat
# passwd: db files nis
# shadow: db files nis
# group: db files nis
hosts: files dns
networks: files dns
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
UsePAM yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
# no default banner path
#Banner /some/path
# here are the new patched ldap related tokens
# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
#UseLPK yes
#LpkLdapConf /etc/ldap.conf
#LpkServers ldap://10.1.7.1 ldap://10.1.7.2
#LpkUserDN ou=users,dc=phear,dc=org
#LpkGroupDN ou=groups,dc=phear,dc=org
#LpkBindDN cn=Manager,dc=phear,dc=org
#LpkBindPw secret
#LpkServerGroup mail
#LpkForceTLS no
#LpkSearchTimelimit 3
#LpkBindTimelimit 3
# override default of no subsystems
Subsystem sftp /usr/lib/sftp-server
Did you add the public key information from your local hosts to authorized_keys on the embedded device? Does the embedded device keep logs? The logs may indicate more clearly what the problem is. Also try "ssh -v -l root 192.168.1.49" to get more information on why the connection was dropped.
>Did you add the public key information from your local hosts to authorized_keys on the embedded device?
No, I did not -- I thought this is exchanged when logging in for the first time.
>Does the embedded device keep logs?
No, it does not -- no syslogd installed (yet)
> Also try "ssh -v -l root 192.168.1.49" to get more information on why the connection was dropped.
ssh -vvv 192.168.1.49
OpenSSH_4.3p2, OpenSSL 0.9.7j 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.49 [192.168.1.49] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 1030/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 12
debug1: Host '192.168.1.49' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:12
debug2: bits set: 1023/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
Connection closed by 192.168.1.49
You need to add the public key of the user logging in (root) to the embedded device's authorized_keys file. The known_hosts file is added at the client side when making a new connection. One possible problem might be if you su'ed to root without "su -" and you have the wrong $HOME environment. Would it be possible to create a regular user on the embedded device that matches your regular user's name?
If you use PAM authentication to log in, you would be able to log in as "user@system" and supply the password to log in. This would allow you to log in from anywhere, not only your own system. If however you use key exchange, then your key needs to exist, so if you log in as a different user, then the user's key you are logging in as "-l user" doesn't exist if your environment ( $HOME value ) is different.
Also check if the /root/.ssh/id_rsa key exists and that the permissions are disabled for group and others. Also check the permissions of the /root/ directory. If it is globally readable, then ssh will balk.
>if you use PAM authentication to log in, you would be able to log in as "user@system" and supply the password to log in. This would allow you to log in from anywhere, not only your own system.
I would like to use PAM to login, and I guess PAM is not working:
debug1: PAM: initializing for "root"
PAM: initialisation failed
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
What am I doing wrong? Is libpam not found? Or is this related to the config file nsswitch.conf?
debug1: attempt 0 failures 0
Invalid user root from 192.168.1.1
debug3: Trying to reverse map address 192.168.1.1.
input_userauth_request: invalid user root
debug1: PAM: initializing for "root"
PAM: initialisation failed
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
Are you certain that you still have "AllowRootLogin yes" in sshd_config? Also look at the /etc/securetty file and the files in /etc/security. As well check the /etc/passwd file. Is the root account disabled? Are root logins disabled in securetty?
Could you create a regular user account on the embedded device? I don't like the idea of root logins. Plus logging in as a regular user would test if that works.
Could you post your current sshd_config file? It's been edited since the first post. Also, please enclose it in [ code ] blocks to make it easier to read.
If you have a regular user in "AllowUsers" that may deny any other user including root from logging on.
Another thing to try is to go back to using pam for authentication as well. I'm wondering if root would still be an invalid user.
I figured out that I did not copy all PAM related libraries (and I am still not sure if they are complete now).
The box still refuses a root login -- but it does not hang up right away now. I think this is now related to configuration of PAM.
> Are you certain that you still have "AllowRootLogin yes" in sshd_config?
In the config file sample I have the option is called "PermitRootLogin" and it is set to yes. I posted the config file below
>Could you create a regular user account on the embedded device.
> I don't like the idea of root logins.
That I understand -- the embedded box will however reside in my network behind the firewall.
I will need to frequently login as root -- hence I would prefer to login as root until everything runs properly
>Plus logging in as a regular user would test if that works.
Tried that -- does not work either.
sshd log message is identical as for root:
Code:
Postponed keyboard-interactive for invalid user tilman from 192.168.2.10 port 29532
Copied files related to PAM:
============================
a) /lib:
lib/libpam.so.0.78
lib/libpam_misc.so.0.78
lib/libpamc.so.0.78
b) I copied all libraries in /lib/security
c) I copied files in etc:
etc/pam.d/sshd
etc/pam.d/system-auth
etc/shells
Pam Config Files:
=================
a) etc/pam.d/sshd
Code:
#%PAM-1.0
auth include system-auth
auth required pam_shells.so
auth required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth
# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
UsePAM yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
# no default banner path
#Banner /some/path
# here are the new patched ldap related tokens
# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
#UseLPK yes
#LpkLdapConf /etc/ldap.conf
#LpkServers ldap://10.1.7.1 ldap://10.1.7.2
#LpkUserDN ou=users,dc=phear,dc=org
#LpkGroupDN ou=groups,dc=phear,dc=org
#LpkBindDN cn=Manager,dc=phear,dc=org
#LpkBindPw secret
#LpkServerGroup mail
#LpkForceTLS no
#LpkSearchTimelimit 3
#LpkBindTimelimit 3
# override default of no subsystems
Subsystem sftp /usr/lib/sftp-server
Some Output from the sshd
=========================
Code:
...
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
Invalid user root from 192.168.2.10
debug3: Trying to reverse map address 192.168.2.10.
input_userauth_request: invalid user root
debug1: PAM: initializing for "root"
debug1: PAM: setting PAM_RHOST to "192.168.2.10"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: input_userauth_request: try method none
Failed none for invalid user root from 192.168.2.10 port 4940 ssh2
debug1: userauth-request for user root service ssh-connection method keyboard-inte
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=root devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
debug3: PAM: sshpam_thread_conv entering, 1 messages
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
Postponed keyboard-interactive for invalid user root from 192.168.2.10 port 4940 ssh2
I extracted the sshd_conf file from my original openssh rpm and compared it with yours.
Code:
diff sshd_config ../../../testsshd_conf
1c1
< # $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
---
> # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
28d27
<
37c36
< #PermitRootLogin yes
---
> PermitRootLogin yes
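Review bot: at 37c36, uncommenting `PermitRootLogin yes` on the right-hand side changes nothing, because the left-hand file shows the same value as its commented default, so this line is not what rejects root. Once logins work, tighten it to `PermitRootLogin without-password` or `no` rather than keeping `yes` in the file.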
43c42
< #AuthorizedKeysFile .ssh/authorized_keys
---
> #AuthorizedKeysFile .ssh/authorized_keys
56c55
< PasswordAuthentication no
---
> #PasswordAuthentication yes
72,87c71,78
< # Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
< # mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
< # in this release. The use of 'gssapi' is deprecated due to the presence of
< # potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
< #GSSAPIEnableMITMAttack no
<
<
< # Set this to 'yes' to enable PAM authentication, account processing,
< # and session processing. If this is enabled, PAM authentication will
< # be allowed through the ChallengeResponseAuthentication and
< # PasswordAuthentication. Depending on your PAM configuration,
< # PAM authentication via ChallengeResponseAuthentication may bypass
< # the setting of "PermitRootLogin without-password".
< # If you just want the PAM account and session checks to run without
< # PAM authentication, then enable this but set PasswordAuthentication
< # and ChallengeResponseAuthentication to 'no'.
---
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication mechanism.
> # Depending on your PAM configuration, this may bypass the setting of
> # PasswordAuthentication, PermitEmptyPasswords, and
> # "PermitRootLogin without-password". If you just want the PAM account and
> # session checks to run without PAM authentication, then enable this but set
> # ChallengeResponseAuthentication=no
92c83
< X11Forwarding yes
---
> #X11Forwarding no
99c90
< #UsePrivilegeSeparation yes
---
> UsePrivilegeSeparation no
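Review bot: at 99c90, the right-hand file sets `UsePrivilegeSeparation no` where the packaged file keeps the commented default `#UsePrivilegeSeparation yes`; with it off, the sshd code that handles unauthenticated network input runs as root. Restore the default, and if it was switched off because the copied rootfs lacks the unprivileged sshd account or its empty chroot directory, add those to the rootfs instead.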
112,113c103,115
< # override default of no subsystems
< Subsystem sftp /usr/lib64/ssh/sftp-server
---
> # here are the new patched ldap related tokens
> # entries in your LDAP must have posixAccount & ldapPublicKey objectclass
> #UseLPK yes
> #LpkLdapConf /etc/ldap.conf
> #LpkServers ldap://10.1.7.1 ldap://10.1.7.2
> #LpkUserDN ou=users,dc=phear,dc=org
> #LpkGroupDN ou=groups,dc=phear,dc=org
> #LpkBindDN cn=Manager,dc=phear,dc=org
> #LpkBindPw secret
> #LpkServerGroup mail
> #LpkForceTLS no
> #LpkSearchTimelimit 3
> #LpkBindTimelimit 3
115,124c117,118
< # This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
< AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
< AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
< AcceptEnv LC_IDENTIFICATION LC_ALL
<
< # Example of overriding settings on a per-user basis
< #Match User anoncvs
< # X11Forwarding no
< # AllowTcpForwarding no
< # ForceCommand cvs server
---
> # override default of no subsystems
> Subsystem sftp /usr/lib/sftp-server
Here are the files supplied by my openssh package:
Maybe the comparisons may help. One line I did notice was about UsePrivilegeSeparation. Even if that isn't the cause of the problem, not using the default "UsePrivilegeSeparation yes" is a bad idea.
More trial and error
====================
I reconfigured the host to collect syslog message via udp.
And I am using busybox's syslogd to send log message to the host.
Seeing the log,
Code:
Apr 15 00:49:57 192.168.1.49 sshd[850]: PAM unable to dlopen(/lib/security/pam_cracklib.so)
Apr 15 00:49:57 192.168.1.49 sshd[850]: PAM [dlerror: libcrack.so.2: cannot open shared object file: No such file or directory]
Apr 15 00:49:57 192.168.1.49 sshd[850]: PAM adding faulty module: /lib/security/pam_cracklib.so
Apr 15 00:49:57 192.168.1.49 sshd[850]: PAM _pam_init_handlers: no default config /etc/pam.d/other
I figured out that
/lib/libcrack.so
/etc/pam.d/other
needed to be copied as well.
Using find, I identified some files that are potentially needed as well
usr/share/dict/cracklib-small
/usr/lib/cracklib_dict.hwm
/usr/lib/cracklib_dict.pwd
/usr/lib/cracklib_dict.pwi
/usr/lib/libcrack.a
/usr/lib/libcrack.la
/usr/lib/libcrack.so
Question
========
I am stuck again -- what is now missing? What could pam_unix require?
LogFile:
=========
I issued: ssh -l root 192.168.1.49
Password:
Use ldd to examine the libraries that pam_unix loads. How did you install ssh and pam? Why are you missing dependencies? It seems you are experiencing an installation problem rather than an ssh specific problem.
Tried ldd already. I just reconfirmed -- the dependencies on my machine are met.
>How did you install ssh and pam? Why are you missing dependencies? It seems you are experiencing an installation problem rather than an ssh specific problem.
That is not really surprising -- I am manually copying the needed binaries and config files of ssh from the host system (gentoo kernel version 2.6.18) to the embedded system (I wrote that in my first post). The idea is to avoid recompilation of libc which I remember as rather nasty. And I want to copy only those binaries to the embedded box that I really need. I am open to suggestions for better approaches.
As far as I know, cross compiling on a host system is usually used. If the embedded system has a regular distribution, then you could simply install packages, or at least list the contents of packages on the host system and study the package scripts to make sure nothing is missed.
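Added example, not code from any poster in this thread: glibc loads the NSS back-ends named in nsswitch.conf (libnss_compat.so.2 for `compat`) and libpam loads its modules with dlopen(), so neither shows up in `ldd sshd`, and a missing NSS back-end makes the user lookup fail, which sshd logs as "Invalid user". This Python script audits a staged rootfs such as the NFS share for those files; the searched directory names are assumptions and the check is by file name only.

```python
"""Audit a staged rootfs for files sshd needs at run time but ldd does not list."""
import os
import re
import sys

LIB_DIRS = ("lib", "usr/lib", "lib64", "usr/lib64")      # assumed search paths
PAM_DIRS = tuple(d + "/security" for d in LIB_DIRS)      # the thread uses lib/security

def present(rootfs, dirs, name):
    # lexists() accepts a symlink without following it out of the staged tree
    return any(os.path.lexists(os.path.join(rootfs, d, name)) for d in dirs)

def read_config(rootfs, rel):
    """Return comment-stripped, non-empty lines of rootfs/rel, or None if absent."""
    try:
        with open(os.path.join(rootfs, rel)) as fh:
            lines = [ln.split("#", 1)[0].strip() for ln in fh]
    except OSError:
        return None
    return [ln for ln in lines if ln]

def missing_nss(rootfs, databases=("passwd", "shadow", "group")):
    """glibc dlopen()s libnss_<service>.so.2 for each service in nsswitch.conf."""
    lines = read_config(rootfs, "etc/nsswitch.conf")
    if lines is None:
        return ["etc/nsswitch.conf"]
    wanted = set()
    for ln in lines:
        db, _, services = ln.partition(":")
        if db.strip() in databases:
            # action items such as [NOTFOUND=return] are not service names
            wanted.update(re.sub(r"\[[^\]]*\]", " ", services).split())
    libs = ["libnss_%s.so.2" % svc for svc in sorted(wanted)]
    return [lib for lib in libs if not present(rootfs, LIB_DIRS, lib)]

def pam_stack(rootfs, service):
    """Return (modules, missing config files) for etc/pam.d/<service>."""
    modules, missing, seen, todo = set(), set(), set(), [service]
    while todo:
        rel = "etc/pam.d/" + todo.pop()
        if rel in seen:
            continue
        seen.add(rel)
        lines = read_config(rootfs, rel)
        if lines is None:
            missing.add(rel)
        for ln in lines or []:
            # collapse a bracketed control like [success=1 default=ignore]
            f = re.sub(r"\[[^\]]*\]", "[ctl]", ln).split()
            if len(f) >= 3 and f[1] in ("include", "substack"):
                todo.append(f[2])          # follow "auth include system-auth"
            elif len(f) >= 3:
                modules.add(f[2])
    return modules, missing

def audit(rootfs, service="sshd", user="root"):
    """Return sorted findings; an empty list means nothing was flagged."""
    out = ["NSS back-end missing: " + lib for lib in missing_nss(rootfs)]
    modules, missing_cfg = pam_stack(rootfs, service)
    if read_config(rootfs, "etc/pam.d/other") is None:
        missing_cfg.add("etc/pam.d/other")     # libpam's fallback policy
    out += ["PAM config missing: " + cfg for cfg in missing_cfg]
    for mod in modules:
        dirs, name = ([""], mod.lstrip("/")) if mod.startswith("/") else (PAM_DIRS, mod)
        if not present(rootfs, dirs, name):
            out.append("PAM module missing: " + mod)
    passwd = read_config(rootfs, "etc/passwd") or []
    if user not in [ln.split(":", 1)[0] for ln in passwd]:
        out.append("no passwd entry: " + user)
    return sorted(out)

if __name__ == "__main__":
    rootfs = sys.argv[1] if len(sys.argv) == 2 else "."   # staged tree, default cwd
    print("\n".join(audit(rootfs)) or "nothing flagged")
```

Each module the audit finds should still be run through ldd, since pam_cracklib.so in the syslog output above was present while its own libcrack.so.2 was not.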