Discussion:
: login user is root
(too old to reply)
Johan Vermeulen
2014-12-22 21:16:55 UTC
Permalink
Barry,
it should not be nescessary to modify the sshd_config file.
The ltsp- update-ssh-keys should do it.
Have you tried disabling the firewall? And selinux?

Greetings johan
Hello All,
I posted this over at ltsp forums.
It seems the interest in ltsp has really diminished sadly,,and also
makes troubleshooting a problem like i have listed that much more
difficult,without anyone else being able to give much feedback on recent
installs of ltsp.
------------------------------------------------
CentOS 6.6 & ltsp latest version server & client build.
After modding the sshd_config file on server to allow root to login with
authorized_keys files a standrad user can get a login now,,but after
logging in the standard user is root.
It can be easily seen in log below the user (testuser) is authenticated
fine then next line root is logged in alongside stander user.
Never had this happen in many builds of ltsp/k12linux over the years.
I will post the login of a client from the secure logs on server.
-----------------------------------------------------------------------------------------------------------------------
Dec 22 09:32:14 wc19 sshd[11199]: Accepted password for testuser from
172.28.12.5 port 42979 ssh2
Dec 22 09:32:14 wc19 sshd[11199]: pam_unix(sshd:session): session opened
for user testuser by (uid=0)
Dec 22 09:32:15 wc19 sshd[11225]: Accepted publickey for root from
172.28.12.5 port 42980 ssh2
Dec 22 09:32:15 wc19 sshd[11225]: pam_unix(sshd:session): session opened
for user root by (uid=0)
disconnected by user
Dec 22 09:32:15 wc19 sshd[11225]: pam_unix(sshd:session): session closed
for user root
Dec 22 09:32:15 wc19 sshd[11244]: Accepted publickey for root from
172.28.12.5 port 42981 ssh2
Dec 22 09:32:15 wc19 sshd[11244]: pam_unix(sshd:session): session opened
for user root by (uid=0)
disconnected by user
Dec 22 09:32:15 wc19 sshd[11244]: pam_unix(sshd:session): session closed
for user root
Dec 22 09:32:15 wc19 sshd[11263]: Accepted publickey for root from
172.28.12.5 port 42982 ssh2
Dec 22 09:32:15 wc19 sshd[11263]: pam_unix(sshd:session): session opened
for user root by (uid=0)
disconnected by user
Dec 22 09:32:15 wc19 sshd[11263]: pam_unix(sshd:session): session closed
for user root
Dec 22 09:32:16 wc19 sshd[11283]: Accepted publickey for root from
172.28.12.5 port 42983 ssh2
Dec 22 09:32:16 wc19 sshd[11283]: pam_unix(sshd:session): session opened
for user root by (uid=0)
disconnected by user
Dec 22 09:32:16 wc19 sshd[11283]: pam_unix(sshd:session): session closed
for user root
Dec 22 09:32:16 wc19 sshd[11302]: Accepted publickey for root from
172.28.12.5 port 42984 ssh2
Dec 22 09:32:16 wc19 sshd[11302]: pam_unix(sshd:session): session opened
for user root by (uid=0)
disconnected by user
Dec 22 09:32:16 wc19 sshd[11302]: pam_unix(sshd:session): session closed
for user root
Dec 22 09:32:16 wc19 sshd[11321]: Accepted publickey for root from
172.28.12.5 port 42985 ssh2
Dec 22 09:32:16 wc19 sshd[11321]: pam_unix(sshd:session): session opened
for user root by (uid=0)
disconnected by user
Dec 22 09:32:16 wc19 sshd[11321]: pam_unix(sshd:session): session closed
for user root
Dec 22 09:32:17 wc19 sshd[11340]: Accepted publickey for root from
172.28.12.5 port 42986 ssh2
Dec 22 09:32:17 wc19 sshd[11340]: pam_unix(sshd:session): session opened
for user root by (uid=0)
disconnected by user
Dec 22 09:32:17 wc19 sshd[11340]: pam_unix(sshd:session): session closed
for user root
Dec 22 09:32:17 wc19 sshd[11360]: Accepted publickey for root from
172.28.12.5 port 42987 ssh2
Dec 22 09:32:17 wc19 sshd[11360]: pam_unix(sshd:session): session opened
for user root by (uid=0)
disconnected by user
Dec 22 09:32:17 wc19 sshd[11360]: pam_unix(sshd:session): session closed
for user root
Dec 22 09:32:18 wc19 sshd[11379]: Accepted publickey for root from
172.28.12.5 port 42988 ssh2
Dec 22 09:32:18 wc19 sshd[11379]: pam_unix(sshd:session): session opened
for user root by (uid=0)
Dec 22 09:32:21 wc19 polkitd(authority=local): Registered Authentication
Agent for session /org/freedesktop/ConsoleKit/Session9 (system bus name
:1.1461 [/usr/libexec/polkit-gnome-authentication-agent-1], object path
/org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
disconnected by user
Dec 22 09:32:49 wc19 sshd[11379]: pam_unix(sshd:session): session closed
for user root
disconnected by user
Dec 22 09:32:50 wc19 sshd[11199]: pam_unix(sshd:session): session closed
for user testuser
Dec 22 09:32:50 wc19 polkitd(authority=local): Unregistered Authentication
Agent for session /org/freedesktop/ConsoleKit/Session9 (system bus name
:1.1461, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
en_US.UTF-8) (disconnected from bus)
----------------------------------------------------------------------------------------------------------------------
Anyone ever experienced this?
Thanks,
Barry
_______________________________________________
K12OSN mailing list
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
Barry R Cisna
2014-12-22 22:39:39 UTC
Permalink
Hi Johan,

Yes selinux and iptables are both disabled at boot.
I have used ltsp/k12linux for anbout 11 years now so fairly familiar
with the configs,but each iteration of ltsp-server throws new curve
balls it goes without saying.


The reason for modding the sshd_config file was due to the fact that
root was failing the login for a standard user.
Without adding the public
keys for root to both server and client root,the standard user was
thrown back out to the login screen again.
Yes, i am familiar with doing the ltsp-update-sshkeys, along with
ltsp-update-kernels.

Downside is now the login works,but a standard user,,,is root once
logged in.

If you look at the log below,,you will see at top,,,a standard
user,,then directly below,root gets the go ahead from ssh?
Scouring through the ldm files, there is yet another ldm package that is
installed, with ltsp-server package ,,even since I done an install about
6 months ago,that worked fine.

I am sure it is of course something is haywire in the ldm init scripts
but don't have a clue were to look,,to troubleshoot.

Also,i noticed randomly after adding the LDM_DEBUG_TERMINAL in the
lts.cong file,,i see randon "ldm: segfault at 8 ip. xxx" , in the popup
terminal on the client,
I found reference to this error as far back as two year ago,,but never
found what a real solution was or what caused this.


Thanks,

Barry
Patrick Fleming
2014-12-29 15:46:34 UTC
Permalink
Barry,
You stated you are using the root public/private key for authentication.
Do you have "standard" user keys?
Post by Barry R Cisna
Hi Johan,
Yes selinux and iptables are both disabled at boot.
I have used ltsp/k12linux for anbout 11 years now so fairly familiar
with the configs,but each iteration of ltsp-server throws new curve
balls it goes without saying.
The reason for modding the sshd_config file was due to the fact that
root was failing the login for a standard user.
Without adding the public
keys for root to both server and client root,the standard user was
thrown back out to the login screen again.
Yes, i am familiar with doing the ltsp-update-sshkeys, along with
ltsp-update-kernels.
Downside is now the login works,but a standard user,,,is root once
logged in.
If you look at the log below,,you will see at top,,,a standard
user,,then directly below,root gets the go ahead from ssh?
Scouring through the ldm files, there is yet another ldm package that is
installed, with ltsp-server package ,,even since I done an install about
6 months ago,that worked fine.
I am sure it is of course something is haywire in the ldm init scripts
but don't have a clue were to look,,to troubleshoot.
Also,i noticed randomly after adding the LDM_DEBUG_TERMINAL in the
lts.cong file,,i see randon "ldm: segfault at 8 ip. xxx" , in the popup
terminal on the client,
I found reference to this error as far back as two year ago,,but never
found what a real solution was or what caused this.
Thanks,
Barry
_______________________________________________
K12OSN mailing list
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
Johan Vermeulen
2014-12-23 11:13:50 UTC
Permalink
Barry,

the most recent "standard" install I did was on Centos6.5
I don't remember if I used epel or k12linux repo. I had no issues.
Usualy I don't don't do normal install but I set up dhcp, nfs, etc manualy and copy over files from a pre-fedorahosted k12linux.
For me moving to ubuntu is a noway.
Greetings johan
Post by Barry R Cisna
Hi Johan,
Yes selinux and iptables are both disabled at boot.
I have used ltsp/k12linux for anbout 11 years now so fairly familiar
with the configs,but each iteration of ltsp-server throws new curve
balls it goes without saying.
The reason for modding the sshd_config file was due to the fact that
root was failing the login for a standard user.
Without adding the public
keys for root to both server and client root,the standard user was
thrown back out to the login screen again.
Yes, i am familiar with doing the ltsp-update-sshkeys, along with
ltsp-update-kernels.
Downside is now the login works,but a standard user,,,is root once
logged in.
If you look at the log below,,you will see at top,,,a standard
user,,then directly below,root gets the go ahead from ssh?
Scouring through the ldm files, there is yet another ldm package that is
installed, with ltsp-server package ,,even since I done an install about
6 months ago,that worked fine.
I am sure it is of course something is haywire in the ldm init scripts
but don't have a clue were to look,,to troubleshoot.
Also,i noticed randomly after adding the LDM_DEBUG_TERMINAL in the
lts.cong file,,i see randon "ldm: segfault at 8 ip. xxx" , in the popup
terminal on the client,
I found reference to this error as far back as two year ago,,but never
found what a real solution was or what caused this.
Thanks,
Barry
_______________________________________________
K12OSN mailing list
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
Radek Bursztynowski
2014-12-23 12:38:19 UTC
Permalink
Hello,

Let me add my feelings to this discussion. I use K12Linux on CentOS 6.x
for many years and for me moving to another solution is a noway too.
Unfortunately I meet a lot of troubles, but most of them I solve
manually. Last my installation CentOS 6.6 and K12Linux is dated 3th of
November 2014. I solved most problems and this installation works
stable, but I have problem with thin client image.

Only one thin client image is installable from my point of view:
epel-6-i386 (i386). ltsp-build-client -–list shows:
epel-5-i386
epel-5-ppc
epel-5-x86_64
epel-6-i386
epel-6-ppc64
epel-6-x86_64
epel-7-x86_64
fedora-19-armhfp
fedora-19-i386
fedora-19-ppc64
fedora-19-ppc
fedora-19-s390
fedora-19-s390x
fedora-19-x86_64
fedora-20-armhfp
fedora-20-i386
fedora-20-ppc64
fedora-20-ppc
fedora-20-s390
fedora-20-s390x
fedora-20-x86_64
fedora-21-armhfp
fedora-21-i386
fedora-21-x86_64
fedora-5-i386-epel
fedora-5-ppc-epel
fedora-5-x86_64-epel
fedora-devel-i386
fedora-devel-ppc64
fedora-devel-ppc
fedora-devel-x86_64
fedora-rawhide-aarch64
fedora-rawhide-armhfp
fedora-rawhide-i386
fedora-rawhide-ppc64
fedora-rawhide-ppc
fedora-rawhide-s390
fedora-rawhide-s390x
fedora-rawhide-sparc
fedora-rawhide-x86_64

but epel-6-i386 I can install only. I don't know why. LTSP terminal
boots with epel-6-i386 (CentOS 6.6) but I can't login. In addition
epel-6-i386 (the last one and older) image couldn't shutdown. Ending
process suspends on switching off eth0 interface. So, I still use
Scientific Linux 6.1 image and fedora-11-i386 for older (i586) images.
epel-6-i386 and fedora-11-i386 (epel-6-i386 too) don't support properly
newest graphic cards inside new nettops or thin clients terminals with
full resolution. And this is the reason that I am looking for newer thin
client images. I tried debian-7-i386 thin client image - no better
result.
Next step I plan with OpenSUSE image and at the end with Ubuntu image.
But I am concerned about K12Linux thin client images because this status
of thin client images doesn't change whole year and I wary that older
hardware nettop/thin clients solution will end.

The future is misty.

Best regards,
Radek

------
Post by Johan Vermeulen
Barry,
the most recent "standard" install I did was on Centos6.5
I don't remember if I used epel or k12linux repo. I had no issues.
Usualy I don't don't do normal install but I set up dhcp, nfs, etc manualy and copy over files from a pre-fedorahosted k12linux.
For me moving to ubuntu is a noway.
Greetings johan
Post by Barry R Cisna
Hi Johan,
Yes selinux and iptables are both disabled at boot.
I have used ltsp/k12linux for anbout 11 years now so fairly familiar
with the configs,but each iteration of ltsp-server throws new curve
balls it goes without saying.
The reason for modding the sshd_config file was due to the fact that
root was failing the login for a standard user.
Without adding the public
keys for root to both server and client root,the standard user was
thrown back out to the login screen again.
Yes, i am familiar with doing the ltsp-update-sshkeys, along with
ltsp-update-kernels.
Downside is now the login works,but a standard user,,,is root once
logged in.
If you look at the log below,,you will see at top,,,a standard
user,,then directly below,root gets the go ahead from ssh?
Scouring through the ldm files, there is yet another ldm package that is
installed, with ltsp-server package ,,even since I done an install about
6 months ago,that worked fine.
I am sure it is of course something is haywire in the ldm init scripts
but don't have a clue were to look,,to troubleshoot.
Also,i noticed randomly after adding the LDM_DEBUG_TERMINAL in the
lts.cong file,,i see randon "ldm: segfault at 8 ip. xxx" , in the popup
terminal on the client,
I found reference to this error as far back as two year ago,,but never
found what a real solution was or what caused this.
Thanks,
Barry
_______________________________________________
K12OSN mailing list
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
_______________________________________________
K12OSN mailing list
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
Johan Vermeulen
2014-12-23 14:43:59 UTC
Permalink
This is very usefull.
I asumed the problem with shutting down was because of my thinclient hardware.
I also use the scientific-image.
I also have one site running on Thinstation.

Greetings, Johan
Post by Radek Bursztynowski
Hello,
Let me add my feelings to this discussion. I use K12Linux on CentOS 6.x
for many years and for me moving to another solution is a noway too.
Unfortunately I meet a lot of troubles, but most of them I solve
manually. Last my installation CentOS 6.6 and K12Linux is dated 3th of
November 2014. I solved most problems and this installation works
stable, but I have problem with thin client image.
epel-5-i386
epel-5-ppc
epel-5-x86_64
epel-6-i386
epel-6-ppc64
epel-6-x86_64
epel-7-x86_64
fedora-19-armhfp
fedora-19-i386
fedora-19-ppc64
fedora-19-ppc
fedora-19-s390
fedora-19-s390x
fedora-19-x86_64
fedora-20-armhfp
fedora-20-i386
fedora-20-ppc64
fedora-20-ppc
fedora-20-s390
fedora-20-s390x
fedora-20-x86_64
fedora-21-armhfp
fedora-21-i386
fedora-21-x86_64
fedora-5-i386-epel
fedora-5-ppc-epel
fedora-5-x86_64-epel
fedora-devel-i386
fedora-devel-ppc64
fedora-devel-ppc
fedora-devel-x86_64
fedora-rawhide-aarch64
fedora-rawhide-armhfp
fedora-rawhide-i386
fedora-rawhide-ppc64
fedora-rawhide-ppc
fedora-rawhide-s390
fedora-rawhide-s390x
fedora-rawhide-sparc
fedora-rawhide-x86_64
but epel-6-i386 I can install only. I don't know why. LTSP terminal
boots with epel-6-i386 (CentOS 6.6) but I can't login. In addition
epel-6-i386 (the last one and older) image couldn't shutdown. Ending
process suspends on switching off eth0 interface. So, I still use
Scientific Linux 6.1 image and fedora-11-i386 for older (i586) images.
epel-6-i386 and fedora-11-i386 (epel-6-i386 too) don't support properly
newest graphic cards inside new nettops or thin clients terminals with
full resolution. And this is the reason that I am looking for newer thin
client images. I tried debian-7-i386 thin client image - no better
result.
Next step I plan with OpenSUSE image and at the end with Ubuntu image.
But I am concerned about K12Linux thin client images because this status
of thin client images doesn't change whole year and I wary that older
hardware nettop/thin clients solution will end.
The future is misty.
Best regards,
Radek
------
Post by Johan Vermeulen
Barry,
the most recent "standard" install I did was on Centos6.5
I don't remember if I used epel or k12linux repo. I had no issues.
Usualy I don't don't do normal install but I set up dhcp, nfs, etc manualy and copy over files from a pre-fedorahosted k12linux.
For me moving to ubuntu is a noway.
Greetings johan
Post by Barry R Cisna
Hi Johan,
Yes selinux and iptables are both disabled at boot.
I have used ltsp/k12linux for anbout 11 years now so fairly familiar
with the configs,but each iteration of ltsp-server throws new curve
balls it goes without saying.
The reason for modding the sshd_config file was due to the fact that
root was failing the login for a standard user.
Without adding the public
keys for root to both server and client root,the standard user was
thrown back out to the login screen again.
Yes, i am familiar with doing the ltsp-update-sshkeys, along with
ltsp-update-kernels.
Downside is now the login works,but a standard user,,,is root once
logged in.
If you look at the log below,,you will see at top,,,a standard
user,,then directly below,root gets the go ahead from ssh?
Scouring through the ldm files, there is yet another ldm package that is
installed, with ltsp-server package ,,even since I done an install about
6 months ago,that worked fine.
I am sure it is of course something is haywire in the ldm init scripts
but don't have a clue were to look,,to troubleshoot.
Also,i
Radek Bursztynowski
2014-12-23 15:27:25 UTC
Permalink
Johan,

Regarding shutting down of NIC - I checked it on all my terminals and
on virtual (KVM) machine too. This problem concerns thin client image,
not hardware.

Best regards,
Radek
Post by Johan Vermeulen
This is very usefull.
I asumed the problem with shutting down was because of my thinclient hardware.
I also use the scientific-image.
I also have one site running on Thinstation.
Greetings, Johan
Post by Radek Bursztynowski
Hello,
Let me add my feelings to this discussion. I use K12Linux on CentOS 6.x
for many years and for me moving to another solution is a noway too.
Unfortunately I meet a lot of troubles, but most of them I solve
manually. Last my installation CentOS 6.6 and K12Linux is dated 3th of
November 2014. I solved most problems and this installation works
stable, but I have problem with thin client image.
epel-5-i386
epel-5-ppc
epel-5-x86_64
epel-6-i386
epel-6-ppc64
epel-6-x86_64
epel-7-x86_64
fedora-19-armhfp
fedora-19-i386
fedora-19-ppc64
fedora-19-ppc
fedora-19-s390
fedora-19-s390x
fedora-19-x86_64
fedora-20-armhfp
fedora-20-i386
fedora-20-ppc64
fedora-20-ppc
fedora-20-s390
fedora-20-s390x
fedora-20-x86_64
fedora-21-armhfp
fedora-21-i386
fedora-21-x86_64
fedora-5-i386-epel
fedora-5-ppc-epel
fedora-5-x86_64-epel
fedora-devel-i386
fedora-devel-ppc64
fedora-devel-ppc
fedora-devel-x86_64
fedora-rawhide-aarch64
fedora-rawhide-armhfp
fedora-rawhide-i386
fedora-rawhide-ppc64
fedora-rawhide-ppc
fedora-rawhide-s390
fedora-rawhide-s390x
fedora-rawhide-sparc
fedora-rawhide-x86_64
but epel-6-i386 I can install only. I don't know why. LTSP terminal
boots with epel-6-i386 (CentOS 6.6) but I can't login. In addition
epel-6-i386 (the last one and older) image couldn't shutdown. Ending
process suspends on switching off eth0 interface. So, I still use
Scientific Linux 6.1 image and fedora-11-i386 for older (i586) images.
epel-6-i386 and fedora-11-i386 (epel-6-i386 too) don't support properly
newest graphic cards inside new nettops or thin clients terminals with
full resolution. And this is the reason that I am looking for newer thin
client images. I tried debian-7-i386 thin client image - no better
result.
Next step I plan with OpenSUSE image and at the end with Ubuntu image.
But I am concerned about K12Linux thin client images because this status
of thin client images doesn't change whole year and I wary that older
hardware nettop/thin clients solution will end.
The future is misty.
Best regards,
Radek
------
Post by Johan Vermeulen
Barry,
the most recent "standard" install I did was on Centos6.5
I don't remember if I used epel or k12linux repo. I had no issues.
Usualy I don't don't do normal install but I set up dhcp, nfs, etc manualy and copy over files from a pre-fedorahosted k12linux.
For me moving to ubuntu is a noway.
Greetings johan
Post by Barry R Cisna
Hi Johan,
Yes selinux and iptables are both disabled at boot.
I have used ltsp/k12linux for anbout 11 years now so fairly familiar
with the configs,but each iteration of ltsp-server throws new curve
balls it goes without saying.
The reason for modding the sshd_config file was due to the fact that
root was failing the login for a standard user.
Without adding the public
keys for root to both server and client root,the standard user was
thrown back out to the login screen again.
Yes, i am familiar with doing the ltsp-update-sshkeys, along with
ltsp-update-kernels.
Downside is now the login works,but a standard user,,,is root once
logged in.
If you look at the log below,,you will see at top,,,a standard
user,,then directly below,root gets the go ahead from ssh?
Scouring through the ldm files, there is yet another ldm package that is
installed, with ltsp-server package ,,even since I done an install about
6 months ago,that worked fine.
I am sure it is of course something is haywire in the ldm init scripts
but don't have a clue were to look,,to troubleshoot.
Also,i
Loading...