Rennie deGraaf wrote:
> A few minutes ago, I discovered that I can't log into my firewall
>
> If I try SSH from inside, it gives me my login banner and immediately
> disconnects, without prompting for a password. This suggested to me that
> when trying to clean up the mess left by upgrading the shadow package
> yesterday (and first removing pam-login) as recommended by a
> GLSA-200606-02, I left something incorrectly configured.
>
> If I try SSH from outside, the connection times out. I don't know why
> this happens - the iptables configuration should allow SSH connections
> from outside, and the timing suggests a problem before reaching the
> login or pam code.
>
> If I try to log in via a virtual TTY on a serial port, I get the message
> "*** glibc detected *** double free or corruption (!prev): 0x142e1cc8
> ***" (the address varies) after entering a username, but before entering
> a password. This suggests a problem with either the login or pam
> software; I can't see how a configuration error could cause this.
>
> If I try to log in via the system console, I get the same error as with
> the serial line.
>
> My firewall is running a tightly locked-down minimal install of Gentoo
> 2005.1 with the hardened kernel and toolkit and all relevant security
> updates applied. I think that the kernel is 2.6.11-hardened-r15. Other
> than my inability to log in, it seems to be working - the DNS server is
> still responding, and it still seems to be forwarding packets correctly.
> The system has been up since some time in late August or early
> September 2005.
>
> I guess that the only way to get into the system and try to fix it is to
> reboot into single-user mode, but before I take it down for maintenance,
> I'd like to know if I'm dealing with a software problem or a
> configuration problem (since with my firewall down, I will have no way
> to look up more information from the Internet). Does anyone know what
> this error signifies in this context, or have any suggestions on how to
> recover?
>
> Thanks,
> Rennie deGraaf
>
Hi,
Just reboot and try again.
IIRC the solution was to rebuild "openssh" after the new "shadow"
package within the same ssh-session (assuming that's the way you do it).
HTH.
Rumen