Tweet
Shell access is not working in cagefs+cpanel server
-
-
Hi,
We can enable users to ssh using normal shell in cpanel after installing cagefs.
It connects for 1 sec and connection is closed.
This is the ssh log,
Jun 6 14:33:05 colXXXXx sshd[11008]: Accepted password for videofan from 115.119.57.2 port 47862 ssh2
Jun 6 14:33:05 colXXXXx sshd[11008]: pam_unix(sshd:session): session opened for user videofan by (uid=0)
Jun 6 14:33:05 colXXXXx sshd[11008]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
Jun 6 14:33:06 colXXXXx sshd[11153]: Received disconnect from 115.119.57.2: 11: disconnected by user
Jun 6 14:33:14 colXXXXx sshd[11191]: Accepted password for videofan from 115.119.57.2 port 47866 ssh2
Jun 6 14:33:14 colXXXXx sshd[11191]: pam_unix(sshd:session): session opened for user videofan by (uid=0)
Jun 6 14:33:14 colXXXXx sshd[11191]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
Jun 6 14:33:15 colXXXXx sshd[11213]: Received disconnect from 115.119.57.2: 11: disconnected by user -
What is in your:
/etc/pam.d/sshd
What is the shell from /etc/passwd for that user?Comment
-
I am facing this problem too.
My users shell in /etc/passwd is /bin/bash.Code:cat /etc/pam.d/sshd #%PAM-1.0 auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session optional pam_keyinit.so force revoke session include password-auth auth required pam_shells.so session required pam_lve.so 100 1
The moment I disable cagefs for this user using cagefsctl --disable username, I can again ssh to server without a problem.
Regards,Comment
-
Do you get any error message when you attempt to login?Comment
-
Yeah the same as Dennis John mentioned..
Code:Jul 11 09:48:51 test-1 sshd[889501]: Accepted password for suhastest from 122.182.0.38 port 47103 ssh2 Jul 11 09:48:51 test-1 sshd[889501]: pam_unix(sshd:session): session opened for user suhastest by (uid=0) Jul 11 09:48:51 test-1 sshd[889501]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
Comment
-
Try doing:
id USERNAME
lvectl destroy _ID_
where _ID_ is the user id from previous user
And then try logging in again.
If that doesn work, please, contact our support at helpdesk.cloudlinux.comComment
-
And I am using cagefs-3.5-2.el6.cloudlinux.x86_64Comment
-
This thread might be quite old, but I have been unable to find any others with the correct fix.
As this is CloudLinux with LVE/CageFS, the standard fix below suggest by people for standard Linux does not work:
Edit /etc/pam.d/sshd and comment out the below line:
session required pam_loginuid.so
The work around is to comment out the line used by CageFS/LVE:
session required pam_lve.so 500 1
A full fix for this would be greatly appreciated, as we would like to have everything secure, and working
Comment
-
Well, we would really like to investigate the issue, however the symptoms should be different from a 3 years old thread. Could you please show us more information what exactly is not working and what /var/log/secure and /var/log/messages are saying?
Removing "session required pam_lve.so" is not a fix, you simply disable lve/cagefs functionality at all for ssh sessions.Comment
-
Thread is not letting me post...Comment
-
Now to post the link to the real information it wasn letting me post...
Comment
-
What is home location for blacksheep ? (grep blacksheep /etc/passwd)
And also show me the content of /etc/cagefs/cagefs.base.home.dirs file.Comment
-
Home directory is /home/blacksheep.
This was the contents of /etc/cagefs/cagefs.base.home.dirs:
mount_basedir=1
^/var/www/vhosts/[^/]+
I added the below line and was able to log in through SSH:
^/home/[^/]+
The below lines show in /var/log/secure:
Jul 1 21:10:24 plesk sshd[558886]: pam_unix(sshd:session): session opened for user blacksheep by (uid=0)
Jul 1 21:10:24 plesk sshd[558886]: lastlog_openseek: Couldnt stat /var/log/lastlog: No such file or directory
Jul 1 21:10:24 plesk sshd[558886]: lastlog_openseek: Couldnt stat /var/log/lastlog: No such file or directory
Jul 1 21:30:34 plesk sshd[560170]: syslogin_perform_logout: logout() returned an error
Jul 1 21:30:34 plesk sshd[560170]: pam_unix(sshd:session): session closed for user blacksheep
Also /var/log/messages:
Jul 1 21:03:20 plesk pam_lve[558466]: Error Entering into CageFS -1 Invalid regexps: no match for path to base home directory
I am unable to "su".
After some searching, I am thinking I should create a "wheel" group. cPanel has this feature built in (our other server), but the one with the issue is Plesk. Unless there is something else that should be done outside of Plesk?Comment
-
Hello,
> Home directory is /home/blacksheep.
Did you check this in your /etc/passwd as we wrote you before?
If yes and homedir is located in /home, then you have custom Plesk configuration. Because users homedir - located in /var/www/vhosts by default on Plesk server.
Is there any chance to change it back to default settings ( /var/www/vhosts)? After this you should also remove ^/home/[^/]+ from /etc/cagefs/cagefs.base.home.dirs and run cagefsctl --remount-all.Comment
Comment