Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how to solve the problem of set_loginuid failed opening loginuid error reporting under linux". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Since using php-syslog-ng to monitor log information, we often find some error messages that have been ignored in the past, which are being solved one by one. One of the errors occurred when I logged in to the server using the key through ssh, and the log message showed:

Nov 19 10:32:20 printserver auth 10:32:20 pam_loginuid [9691]: set_loginuid failed opening loginuid

Nov 19 10:32:20 printserver auth 10:32:20 remote (pam_unix) [9691]: session opened for user root by (uid=0)

Nov 19 10:32:20 printserver auth 10:32:20 sshd [9689]: Accepted publickey for root from 192.168.228.244 port

1487 ssh3

First, reasons

Operating system: red Flag DC Server 5.0

After analyzing the previous system log, no similar error message was found, so it is suspected to be caused by the recent operation.

Analysis from two aspects:

1. Upgrade openssh-server from 4.0p1 to 4.7p1

2. Use the key login instead of the original password login.

First try to log in with the original password, there is no error; then compare the status of the original 4.0p1 version on other machines, log in with the key, and there is no error. Because when I upgrade openssh-server, I use its default configuration file instead of the configuration of the 4.0p1 version of the system, so I feel that the error is related to the configuration and login using the key.

II. Solution

After searching for information and testing, the problem can be solved by modifying the configuration file of openssh-server.

Modify / etc/ssh/sshd_config to:

# ChallengeResponseAuthentication yes

ChallengeResponseAuthentication no # turn off Challenge response

UsePAM no # does not use PAM authentication

After saving, restart the sshd service.

III. Explanation

The descriptions of the above two parameters can be annotated from the help documentation:

# Set this to 'yes' to enable PAM authentication, account processing

# and session processing. If this is enabled, PAM authentication will

# be allowed through the ChallengeResponseAuthentication and

# PasswordAuthentication. Depending on your PAM configuration

# PAM authentication via ChallengeResponseAuthentication may bypass

# the setting of "PermitRootLogin without-password".

# If you just want the PAM account and session checks to run without

# PAM authentication, then enable this but set PasswordAuthentication

# and ChallengeResponseAuthentication to 'no'.

To put it simply, if you turn on UsePAM, you will decide whether to use challenge response based on ChallengeResponseAuthentication (I don't know whether to translate it this way). This method is judged according to the password and is not compatible with key login, so there will be an error.

Different configurations can get completely different results from the log:

1. Close ChallengeResponseAuthentication and open UsePAM

Log in using the key:

Quote

Nov 19 10:57:20 printserver auth 10:57:20 sshd (pam_unix) [10322]: session opened for user root by root (uid=0)

Nov 19 10:57:20 printserver auth 10:57:20 sshd [10320]: Accepted publickey for root from 192.168.228.244 port 1595 ssh3

2. Open ChallengeResponseAuthentication and UsePAM

Logging in with a key will result in an error, but logging in with a password is normal:

Nov 19 12:23:33 printserver sshd (pam_unix) [24454]: session opened for user root by root (uid=0)

IV. Other

In Google, I found another solution: click

Just modify / etc/pam.d/sshd to comment on the following line:

Session required pam_loginuid.so

However, I didn't find this line in the system. Instead, you can see from the log that the error was sent by PAM calling remote, so I modified / etc/pam.d/remote to comment this line:

Quote

Session required pam_loginuid.so

In this way, confirm that the above error will not be reported again. But when you log in, the log will show:

Nov 19 10:06:31 printserver sshd [9582]: Accepted publickey for root from 192.168.228.244

Port 1228 ssh3

Nov 19 10:06:31 printserver remote (pam_unix) [9584]: session opened for user root by (uid=0)

Nov 19 10:06:31 login-- root [9584]: ROOT LOGIN ON pts/2 FROM 192.168.228.244

The host that sent the message has changed from printserver to login, and there will be errors in log classification, which is not good for use.

As for the solution caused by ◎ because the core did not turn on the CONFIG_AUDIT function

It has been confirmed that the core of Red Flag DC Server 5.0 has been opened for CONFIG_AUDIT, so the solution is not effective.

This is the end of the content of "how to solve the problem of set_loginuid failed opening loginuid error reporting under linux". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.