ssh quebrado - “Falha na gravação: cano quebrado” e “setresuid 1000: recurso temporariamente indisponível”

4

Parece que eu quebrei o ssh na minha máquina!

Se eu correr:

sudo /usr/sbin/sshd -d

Eu recebo:

debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.

Depois de outro terminal:

ssh localhost

me dá:

Write failed: Broken pipe

E na depuração eu recebo:

debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from ::1 port 57699
debug1: Client protocol version 2.0; client software version OpenSSH_5.8p1 Debian-7ubuntu1
debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
debug1: permanently_set_uid: 114/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: expecting SSH2_MSG_KEX_ECDH_INIT
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user tdiethe service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "tdiethe"
debug1: userauth-request for user tdiethe service ssh-connection method publickey
debug1: attempt 1 failures 0
debug1: test whether pkalg/pkblob are acceptable
debug1: PAM: setting PAM_RHOST to "zoostorm"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: temporarily_use_uid: 1000/0 (e=0/0)
debug1: trying public key file /home/tdiethe/.ssh/authorized_keys
debug1: Could not open authorized keys '/home/tdiethe/.ssh/authorized_keys': No such file or directory
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/0 (e=0/0)
debug1: trying public key file /home/tdiethe/.ssh/authorized_keys2
debug1: Could not open authorized keys '/home/tdiethe/.ssh/authorized_keys2': No such file or directory
debug1: restore_uid: 0/0
Failed publickey for tdiethe from ::1 port 57699 ssh2
debug1: userauth-request for user tdiethe service ssh-connection method password
debug1: attempt 2 failures 1
debug1: PAM: password authentication accepted for tdiethe
debug1: do_pam_account: called
Accepted password for tdiethe from ::1 port 57699 ssh2
debug1: monitor_child_preauth: tdiethe has been authenticated by privileged process
debug1: PAM: establishing credentials
User child is on pid 16189
debug1: SELinux support disabled
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1000/0
setresuid 1000: Resource temporarily unavailable
debug1: do_cleanup
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials

Parece ser o

setresuid 1000: Resource temporarily unavailable

que está causando o problema - alguma ideia do que isso causa?

    
por tdc 27.03.2012 / 22:05

1 resposta

2
setresuid 1000: Resource temporarily unavailable

Esse erro significa que o servidor SSH falhou ao iniciar um shell como usuário, porque já existem muitos processos sendo executados como usuário.

Se você puder entrar no sistema de alguma forma, verifique se há processos de fuga e faça algumas mortes.

Se você vê apenas o uso normal, o número máximo de processos por usuário é muito baixo para você. O comando bash / zsh ulimit -u mostrará o valor atual do limite. Aumente o nproc limite em /etc/security/limits.conf , por exemplo

tdiethe hard nproc 200
    
por Gilles 27.03.2012 / 22:24

Tags