View Issue Details

IDProjectCategoryView StatusLast Update
0001245CentOS-4Otherpublic2006-09-03 10:31
Reporterstrcmp 
PrioritynormalSeveritymajorReproducibilityalways
Status assignedResolutionopen 
Product Version4.3 - i386 
Target VersionFixed in Version 
Summary0001245: Openssh is not logging who is online.
DescriptionAfter the today openssh upgrade, it stopped logging how is online. Follows the packages yum instaled today.

openssh-3.9p1-8.RHEL4.12
openssh-server-3.9p1-8.RHEL4.12
openssh-clients-3.9p1-8.RHEL4.12
Additional Information[root@xxx ~]# w
 00:02:27 up 12:27, 0 users, load average: 0.00, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
[root@xxx ~]# export | grep SSH
declare -x SSH_CLIENT="192.168.160.5 52270 22"
declare -x SSH_CONNECTION="192.168.160.5 52270 192.168.160.10 22"
declare -x SSH_TTY="/dev/pts/1"
TagsNo tags attached.

Activities

sami

sami

2006-03-14 16:56

reporter   ~0003242

I can confirm this problem, sshd logs say "syslogin_perform_logout: logout() returned an error". Increasing the debugging level doesn't give any further details.
ghostspace

ghostspace

2006-03-30 02:52

reporter   ~0003297

I am confirming I have experienced the same problem.

When will this package be updated to fix this?
JohnnyHughes

JohnnyHughes

2006-03-30 09:32

administrator   ~0003298

Last edited: 2006-03-30 09:34

I can not duplicate this issue with centos 4.3 updates installed via either i386 or x86_64. Below is a connection from my normal workstation to a 4.3 machine and testing. I have tried this on 4 machines, all the same results:
---------------------------------------------------------
[johnny@myth ~]$ ssh -l buildcentos 192.168.0.40
Last login: Mon Mar 6 20:21:56 2006 from myth.home.local

[buildcentos@build-i386 ~]$ w
 03:26:00 up 21 days, 20:32, 1 user, load average: 2.00, 2.00, 2.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
buildcen pts/1 myth.home.local 03:25 0.00s 0.02s 0.00s w

[buildcentos@build-i386 ~]$ export | grep SSH
declare -x SSH_ASKPASS="/usr/libexec/openssh/gnome-ssh-askpass"
declare -x SSH_CLIENT="::ffff:192.168.0.4 33834 22"
declare -x SSH_CONNECTION="::ffff:192.168.0.4 33834 ::ffff:192.168.0.40 22"
declare -x SSH_TTY="/dev/pts/1"

[buildcentos@build-i386 ~]$ rpm -qa | grep openssh
openssh-3.9p1-8.RHEL4.12.i386
openssh-clients-3.9p1-8.RHEL4.12.i386
openssh-askpass-gnome-3.9p1-8.RHEL4.12.i386
openssh-server-3.9p1-8.RHEL4.12.i386
openssh-askpass-3.9p1-8.RHEL4.12.i386
----------------------------------
Did you restart sshd after your updates?

petersv

petersv

2006-03-30 10:35

reporter   ~0003300

I also experience this problem after a 4.2 -> 4.3 upgrade. The machine hase been rebooted after the upgrade.
ghostspace

ghostspace

2006-03-30 14:08

reporter   ~0003302

Last edited: 2006-03-30 14:15

Yes machine has been rebooted and ssh restarted.
Problem appears to be with this version of SSH running under VPS.
When openssh was installed originally it worked fine but after upgrade it hasn't with with auditing.

chris@plunger [~]# w
 09:05:27 up 8 days, 8:13, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 24Mar06 5days 41.70s 0.03s -bash
chris@plunger [~]# export | grep SSH
declare -x SSH_CLIENT="::ffff:192.168.1.240 4486 22"
declare -x SSH_CONNECTION="::ffff:192.168.1.240 4486 ::ffff:192.168.1.202 22"
declare -x SSH_TTY="/dev/pts/1"
chris@plunger [~]# rpm -qa |grep openssh
openssh-clients-3.9p1-8.RHEL4.12
openssh-server-3.9p1-8.RHEL4.12
openssh-3.9p1-8.RHEL4.12
chris@plunger [~]# uname -i
i386
chris@plunger [~]# uname -r
2.6.12.6-xenU
chris@plunger [~]#


and to go along with the reboot theory here is my last output:

chris@plunger [~]# last |more
root tty1 Fri Mar 24 03:14 still logged in
root tty1 Fri Mar 24 03:12 - 03:14 (00:01)
root tty1 Fri Mar 24 02:30 - 03:09 (00:38)
root tty1 Wed Mar 22 00:51 - 03:21 (1+02:29)
reboot system boot 2.6.12.6-xenU Wed Mar 22 00:50 (8+08:19)
root tty1 Tue Mar 21 23:48 - down (01:01)
reboot system boot 2.6.12.6-xenU Tue Mar 21 23:48 (01:02)
chris pts/0 12.107.94.40 Tue Mar 21 23:37 - down (00:10)
root tty1 Tue Mar 21 23:26 - down (00:21)
reboot system boot 2.6.12.6-xenU Tue Mar 21 23:25 (00:22)


system has been rebooted 2x since initial yum update.

I really wish it was a reboot cause this would be fixed now.
I really hate bug reports since it always feels like I am the only one experiencing these issues. Luckily others appear to be using CentOS as a VPS and are experiencing the same problems. So this makes me feel a little better that "I am not alone" ;-).

If anyone can think of something I can try or if I can provide more information to help with this matter please let me know.

Thanks

ghostspace

ghostspace

2006-03-30 14:23

reporter   ~0003303

Mar 30 09:22:39 plunger sshd[1724]: syslogin_perform_logout: logout() returned an error
JohnnyHughes

JohnnyHughes

2006-03-30 14:58

administrator   ~0003305

This seems to be a VPS issue only, the best I can tell.

is that true for eveyone envolved.

I compared the CentOS files to the upstream version ... they are the same.
sami

sami

2006-03-30 15:02

reporter   ~0003306

I would really like to get this resolved as well. I would be happy to provide any further information that might help.

This system has not been rebooted after the openssh upgrade, sshd has of course been restarted. No VPS here either.

--------------

[sami@builder ~]$ cat /etc/redhat-release
CentOS release 4.3 (Final)

[sami@builder ~]$ rpm -qa | grep openssh
openssh-askpass-3.9p1-8.RHEL4.12
openssh-server-3.9p1-8.RHEL4.12
openssh-3.9p1-8.RHEL4.12
openssh-clients-3.9p1-8.RHEL4.12

[sami@builder ~]$ uname -a
Linux builder 2.6.15.5-builder2 #3 SMP Sat Mar 4 13:48:18 EET 2006 x86_64 x86_64 x86_64 GNU/Linux

[sami@builder ~]$ export | grep SSH
declare -x SSH_CLIENT="192.168.0.3 42447 22"
declare -x SSH_CONNECTION="192.168.0.3 42447 192.168.0.65 22"
declare -x SSH_TTY="/dev/pts/1"

[sami@builder ~]$ w
 17:53:52 up 26 days, 2:58, 0 users, load average: 1.18, 0.48, 0.27
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT

[sami@builder ~]$ netstat -na | grep ESTABLISHED | grep "192.168.0.65:22"
tcp 0 0 192.168.0.65:22 192.168.0.3:42447 ESTABLISHED
tcp 0 0 192.168.0.65:22 192.168.0.1:44423 ESTABLISHED
tcp 0 0 192.168.0.65:22 192.168.0.1:44434 ESTABLISHED
ghostspace

ghostspace

2006-03-30 15:46

reporter   ~0003308

guess its not just a VPS issue.
JohnnyHughes

JohnnyHughes

2006-03-30 16:01

administrator   ~0003309

Last edited: 2006-03-30 16:01

sami -> so your machine is a standard CentOS-4.3 machine with no VPS or VM software installed (ie, no Xen, no VMWARE, no Virtuozzo, not running under QEMU, etc.).

You have the standard openssl, openssh from CentOS-4.3 installed.

Because I can not duplicate this issue either on a new install OR on an upgrade.

petersv

petersv

2006-03-30 16:17

reporter   ~0003310

FYIW: we do not use xen or any other form of virtualization, userland or other.
We are ap to date according to yum.

openssl-0.9.7a-43.8
openssh-server-3.9p1-8.RHEL4.12 - x86_64
sami

sami

2006-03-30 16:22

reporter   ~0003311

> your machine is a standard CentOS-4.3 machine with no VPS or VM software installed

That's right. I installed CentOS 4.2 on this machine, then later upgraded with yum to 4.3.

> You have the standard openssl, openssh from CentOS-4.3 installed.

Correct again. Only the kernel has been manually upgraded to 2.6.15, no other changes.

[sami@builder ~]$ rpm -qa | grep ^openssl
openssl-0.9.7a-43.8
openssl-devel-0.9.7a-43.8
JohnnyHughes

JohnnyHughes

2006-03-30 19:34

administrator   ~0003314

Last edited: 2006-03-30 19:37

sami -> just for testing, can you boot a CentOS Kernel and test this.

It seems that 2.6.15 changes /proc wrt to users.

petersv -> are you possibly not using a CentOS Kernel on your machine(s)

petersv

petersv

2006-03-30 19:52

reporter   ~0003315

The kernel is still 2.6.9-11.106.unsupported, I have not got around to switching it yet. (Holding off for the centosplus kernel).
fcjohn

fcjohn

2006-03-31 00:54

reporter   ~0003318

Last edited: 2006-03-31 00:56

Just as a note, I'm seeing the same problem on a RHEL4u3 machine, also x86_64. No Xen, Vmware, etc.

--------------

$ rpm -qa | grep openssh
openssh-clients-3.9p1-8.RHEL4.12
openssh-3.9p1-8.RHEL4.12
openssh-askpass-gnome-3.9p1-8.RHEL4.12
openssh-askpass-3.9p1-8.RHEL4.12
openssh-server-3.9p1-8.RHEL4.12

$ uname -a
Linux host1 2.6.9-11.ELsmp 1 SMP Fri May 20 18:25:30 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux

sami

sami

2006-03-31 01:23

reporter   ~0003319

Looks like an upstream bug that is triggered by kernels without audit support:

  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182930

> just for testing, can you boot a CentOS Kernel and test this

I won't be able to reboot the machine for a couple of days at least, so I cannot confirm this at the moment.
ywliu

ywliu

2006-03-31 03:47

reporter   ~0003320

I have a quick workaround here. Add

UseLogin yes

to your sshd_config, to use login to do the logging.

As the default Openssh doesn't use login probably for security reasons. So, this is just a temporary workaround and at least works for me.
boutilpj

boutilpj

2006-04-05 13:09

reporter   ~0003351

The problem definately caused by not having auditting support in custom kernels. This problem appears on all my boxes that don't have kernel auditting support and does not appear on those that do.
strcmp

strcmp

2006-04-05 14:45

reporter   ~0003352

boutilpj,

   If the problem is the auditing support, I'm doing something wrong. I've compiled a new Xen 2 kernel with auditing enabled and turned on the audit daemon and even this way sshd kept not logging how is online.
ghostspace

ghostspace

2006-04-05 20:06

reporter   ~0003353

I have seen that even with Xen kernels built with audit support appear to be experiencing this issue.
Is there a bug with the audit module in a Xen kernel?
cristux

cristux

2006-05-03 08:08

reporter   ~0003469

No utmp/wtmp logging for ssh on Redhat AS4 (CentOS 4) based VPS.

http://kb.swsoft.com/article_133_1146_en.html
arogge

arogge

2006-06-06 11:29

reporter   ~0003545

I'm also having this issue on two machines running Xen and one machine running on bare metal, but with a centosplus kernel.
petersv

petersv

2006-06-06 11:58

reporter   ~0003546

After upgrading to the current centosplus kernel the problem went away.
The machens are not runing xen.
sami

sami

2006-09-03 10:31

reporter   ~0003894

This problem appears to be fixed in CentOS 4.4.

Issue History

Date Modified Username Field Change
2006-03-12 03:03 strcmp New Issue
2006-03-12 03:03 strcmp Status new => assigned
2006-03-14 16:56 sami Note Added: 0003242
2006-03-30 02:52 ghostspace Note Added: 0003297
2006-03-30 09:23 JohnnyHughes Product Version 4.2 - i386 => 4.3 - i386
2006-03-30 09:32 JohnnyHughes Note Added: 0003298
2006-03-30 09:34 JohnnyHughes Note Edited: 0003298
2006-03-30 10:35 petersv Note Added: 0003300
2006-03-30 14:08 ghostspace Note Added: 0003302
2006-03-30 14:09 ghostspace Note Edited: 0003302
2006-03-30 14:12 ghostspace Note Edited: 0003302
2006-03-30 14:15 ghostspace Note Edited: 0003302
2006-03-30 14:23 ghostspace Note Added: 0003303
2006-03-30 14:58 JohnnyHughes Note Added: 0003305
2006-03-30 15:02 sami Note Added: 0003306
2006-03-30 15:46 ghostspace Note Added: 0003308
2006-03-30 16:01 JohnnyHughes Note Added: 0003309
2006-03-30 16:01 JohnnyHughes Note Edited: 0003309
2006-03-30 16:17 petersv Note Added: 0003310
2006-03-30 16:22 sami Note Added: 0003311
2006-03-30 19:34 JohnnyHughes Note Added: 0003314
2006-03-30 19:37 JohnnyHughes Note Edited: 0003314
2006-03-30 19:52 petersv Note Added: 0003315
2006-03-31 00:54 fcjohn Note Added: 0003318
2006-03-31 00:56 fcjohn Note Edited: 0003318
2006-03-31 01:23 sami Note Added: 0003319
2006-03-31 03:47 ywliu Note Added: 0003320
2006-04-05 13:09 boutilpj Note Added: 0003351
2006-04-05 14:45 strcmp Note Added: 0003352
2006-04-05 20:06 ghostspace Note Added: 0003353
2006-05-03 08:08 cristux Note Added: 0003469
2006-06-06 11:29 arogge Note Added: 0003545
2006-06-06 11:58 petersv Note Added: 0003546
2006-09-03 10:31 sami Note Added: 0003894