grsecurity forums

by **jfried** » Mon Jan 17, 2005 5:59 am

Hello,

i have run the learning mode auf gradm and enabled the result. But after that i cannot login with ssh. the error message is:

Code: Select all: stdin: is not a tty

does anyone know what i have to put into the acl file?

thank you in advanced
jf

by **Hue-Bond** » Tue Jan 18, 2005 6:25 am

>stdin: is not a tty
>does anyone know what i have to put into the acl file?

I have, in user role:

subject /usr/sbin/sshd
/dev/console w
/dev/pts h
/dev/pts/[0-9]* rw
/dev/tty rw
subject /bin/bash
/dev/tty rw

And, as root:

subject /usr/sbin/sshd
/dev h
/dev/ptmx rw
/dev/pts
/dev/pts/[0-9]* rw
/dev/tty rw

by **jfried** » Tue Jan 18, 2005 7:43 am

Thank you for your replay.

My acl looks so:

Code: Select all: role default subject / { / h -CAP_ALL connect disabled bind disabled } role root uG role_allow_ip 0.0.0.0/32 role_allow_ip 80.132.13.31/32 role_allow_ip 62.175.116.235/32 subject / { / h /dev/initctl -CAP_ALL bind disabled connect disabled } [...] subject /usr/sbin/sshd o { / h /bin h /bin/bash x /etc rx /etc/grsec h /lib rx /usr h /usr/lib/libdb3.so.3.0.2 rx /var h /var/log /var/log/lastlog rw /var/log/wtmp w /var/run/sshd /var/run/utmp rw /dev /dev/log rw /dev/ptmx rw /dev/ptyp* rw /dev/tty* rw /dev/console rw /dev/stdin rw /dev/grsec h /dev/mem h /dev/kmem h /dev/port h /proc /proc/kcore h /proc/sys h /proc/bus h /root /root/.ssh /root/.ssh/authorized_keys r -CAP_ALL +CAP_CHOWN +CAP_FSETID +CAP_SETGID +CAP_SETUID +CAP_SYS_CHROOT +CAP_SYS_RESOURCE +CAP_SYS_TTY_CONFIG ### same behaviour with active or not # bind 0.0.0.0/32:22 stream dgram ip tcp # bind 0.0.0.0/32:0 stream dgram ip tcp # connect 127.0.0.1/32:53 dgram udp }

Any suggestions?

Thank you
jf

grsecurity forums

ssh login failure after learning mode

ssh login failure after learning mode

Re: ssh login failure after learning mode