ssh login failure after learning mode
Posted:
Mon Jan 17, 2005 5:59 am
by jfried
Hello,
I have run the learning mode of gradm and enabled the result. But after that I cannot log in with ssh. The error message is:
stdin: is not a tty
Does anyone know what I have to put into the ACL file?
Thank you in advance
jf
Re: ssh login failure after learning mode
Posted:
Tue Jan 18, 2005 6:25 am
by Hue-Bond
>stdin: is not a tty
>does anyone know what i have to put into the acl file?
I have, in user role:
subject /usr/sbin/sshd
/dev/console w
/dev/pts h
/dev/pts/[0-9]* rw
/dev/tty rw
subject /bin/bash
/dev/tty rw
And, as root:
subject /usr/sbin/sshd
/dev h
/dev/ptmx rw
/dev/pts
/dev/pts/[0-9]* rw
/dev/tty rw
Posted:
Tue Jan 18, 2005 7:43 am
by jfried
Thank you for your reply.
My ACL looks like this:
role default
subject / {
/ h
-CAP_ALL
connect disabled
bind disabled
}
role root uG
role_allow_ip 0.0.0.0/32
role_allow_ip 80.132.13.31/32
role_allow_ip 62.175.116.235/32
subject / {
/ h
/dev/initctl
-CAP_ALL
bind disabled
connect disabled
}
[...]
subject /usr/sbin/sshd o {
/ h
/bin h
/bin/bash x
/etc rx
/etc/grsec h
/lib rx
/usr h
/usr/lib/libdb3.so.3.0.2 rx
/var h
/var/log
/var/log/lastlog rw
/var/log/wtmp w
/var/run/sshd
/var/run/utmp rw
/dev
/dev/log rw
/dev/ptmx rw
/dev/ptyp* rw
/dev/tty* rw
/dev/console rw
/dev/stdin rw
/dev/grsec h
/dev/mem h
/dev/kmem h
/dev/port h
/proc
/proc/kcore h
/proc/sys h
/proc/bus h
/root
/root/.ssh
/root/.ssh/authorized_keys r
-CAP_ALL
+CAP_CHOWN
+CAP_FSETID
+CAP_SETGID
+CAP_SETUID
+CAP_SYS_CHROOT
+CAP_SYS_RESOURCE
+CAP_SYS_TTY_CONFIG
### same behaviour with active or not
# bind 0.0.0.0/32:22 stream dgram ip tcp
# bind 0.0.0.0/32:0 stream dgram ip tcp
# connect 127.0.0.1/32:53 dgram udp
}
Any suggestions?
Thank you
jf
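An added example, not part of the thread or of grsecurity: a small checker that shows which object rule in a subject each terminal device path from Hue-Bond's reply resolves to, run over a constructed excerpt of the sshd subject posted above. The function names are hypothetical, and the matching model (exact path, ancestor directory or fnmatch glob, longest rule wins) is a simplifying assumption rather than gradm's own logic.

```python
import fnmatch

# Constructed excerpt: "/" and some /dev objects of the sshd subject posted above.
POLICY = """\
subject /usr/sbin/sshd o {
/ h
/dev
/dev/ptmx rw
/dev/ptyp* rw
/dev/tty* rw
/dev/console rw
/dev/stdin rw
}
"""

def parse_subject(text, subject):
    """Return [(object_path, mode)] for one subject block; '' = no mode letters given."""
    rules, inside = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("subject "):
            inside = line.split()[1] == subject
        elif line == "}":
            inside = False
        elif inside and line.startswith("/"):
            parts = line.split()
            rules.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return rules

def resolve(rules, path):
    """Pick the most specific rule covering path (assumed model: exact path,
    ancestor directory, or fnmatch glob; the longest rule wins)."""
    best = None
    for obj, mode in rules:
        if any(c in obj for c in "*?["):
            hit = fnmatch.fnmatchcase(path, obj)
        else:
            hit = path == obj or obj == "/" or path.startswith(obj.rstrip("/") + "/")
        if hit and (best is None or len(obj) > len(best[0])):
            best = (obj, mode)
    return best

def missing_rw(rules, paths):
    """Return (path, matched_object, mode) for paths not granted both r and w."""
    hits = [(p, *(resolve(rules, p) or ("", ""))) for p in paths]
    return [h for h in hits if not {"r", "w"} <= set(h[2])]

if __name__ == "__main__":
    rules = parse_subject(POLICY, "/usr/sbin/sshd")
    print(missing_rw(rules, ["/dev/ptmx", "/dev/pts/0", "/dev/tty"]))
```

Under this model only `/dev/pts/0` is reported: it falls through to the bare `/dev` object, which carries no mode letters.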