
SSH from remote location error -2.6.11

Posted: Mon May 09, 2005 9:45 am
by pac_red
Hello,
With the RBAC system enabled I try to ssh onto the 2.6.11 kernel and I get the following error message.

ssh_exchange_identification: Connection closed by remote host

Then I cannot logon.

Does anyone know what I have to add to the acl in order to make ssh work?

In learning mode I know that I ssh'ed onto the box many times from different client locations.

The screen error says:
(default:D:/usr/sbin/sshd) denied open of /proc/14128/mounts for reading by /usr/sbin/sshd[sshd:14128] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:31076] uid/euid:0/0 gid/egid:0/0

The acl rule is:

subject /usr/sbin/sshd o {
user_transition_allow root
group_transition_allow root

/
/bin h
/bin/bash
/dev h
/dev/log rw
/dev/null rw
/dev/ptmx rw
/dev/pts rw
/dev/urandom r
/etc r
/etc/grsec h
/lib rx
/usr h
/usr/lib rx
/usr/sbin h
/usr/sbin/sshd x
/var h
/var/empty/sshd
/var/log
/var/log/lastlog rw
/var/log/wtmp w
/var/run/utmp rw
/proc r
/proc/kcore h
/proc/bus h
-CAP_ALL
+CAP_CHOWN
+CAP_DAC_OVERRIDE
+CAP_SETGID
+CAP_SETUID
+CAP_SYS_CHROOT
bind this_box_ip_address/32:22 stream tcp
bind 0.0.0.0/32:0 dgram ip
connect my_dns_server/32:53 dgram udp
}
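
The denial line and the subject block above can be checked against each other mechanically. The script below is an added example (not from the original post or from the gradm tool): it parses grsecurity RBAC denial messages of the form shown above and resolves each denied path against the object rules of the subject, using a simplified model of grsec's object matching in which the object with the longest matching path prefix wins, "h" hides the path, and a rule with no mode letters grants nothing. Capability, bind and connect lines are skipped. The policy text is the object section of the sshd subject as posted; the first log line is the one quoted in the post, and the second (a write to /var/log/btmp) is constructed to show the case where a rule genuinely is missing. The mapping of the words "reading"/"writing" to the mode letters r/w is an assumption.

```python
import re
from typing import Dict, Optional, Tuple

# First line: the denial quoted in the post. Second line: constructed sample
# for a path the posted policy does not grant write access to.
SAMPLE_LOG = [
    "(default:D:/usr/sbin/sshd) denied open of /proc/14128/mounts for reading "
    "by /usr/sbin/sshd[sshd:14128] uid/euid:0/0 gid/egid:0/0, parent "
    "/usr/sbin/sshd[sshd:31076] uid/euid:0/0 gid/egid:0/0",
    "(default:D:/usr/sbin/sshd) denied open of /var/log/btmp for writing "
    "by /usr/sbin/sshd[sshd:14130] uid/euid:0/0 gid/egid:0/0, parent "
    "/usr/sbin/sshd[sshd:31076] uid/euid:0/0 gid/egid:0/0",
]

# Object rules of the sshd subject exactly as posted (modes after the path).
POLICY = """
/
/bin h
/bin/bash
/dev h
/dev/log rw
/dev/null rw
/dev/ptmx rw
/dev/pts rw
/dev/urandom r
/etc r
/etc/grsec h
/lib rx
/usr h
/usr/lib rx
/usr/sbin h
/usr/sbin/sshd x
/var h
/var/empty/sshd
/var/log
/var/log/lastlog rw
/var/log/wtmp w
/var/run/utmp rw
/proc r
/proc/kcore h
/proc/bus h
"""

# "(role:roletype:subject) denied <op> of <path> for <mode> by <binary>[comm:pid]"
DENY_RE = re.compile(
    r"\((?P<role>[^:]+):(?P<roletype>[A-Z]):(?P<subject>[^)]+)\) "
    r"denied (?P<op>\w+) of (?P<path>\S+) for (?P<mode>\w+) "
    r"by (?P<binary>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\]"
)

# Assumed mapping from the wording in the log line to object mode letters.
MODE_WORDS = {"reading": "r", "writing": "w"}


def parse_rules(policy_text: str) -> Dict[str, str]:
    """Collect 'path [modes]' object lines; anything not starting with '/' is ignored."""
    rules: Dict[str, str] = {}
    for raw in policy_text.splitlines():
        line = raw.strip()
        if not line.startswith("/"):
            continue
        parts = line.split()
        rules[parts[0]] = parts[1] if len(parts) > 1 else ""
    return rules


def match_rule(path: str, rules: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Longest-prefix match: the most specific object rule covering `path` wins."""
    best = None
    for rule_path, modes in rules.items():
        prefix = rule_path.rstrip("/") + "/"
        if path == rule_path or path.startswith(prefix):
            if best is None or len(rule_path) > len(best[0]):
                best = (rule_path, modes)
    return best


def parse_denial(line: str) -> Optional[dict]:
    """Break a denial message into its fields, or return None if it does not match."""
    m = DENY_RE.search(line)
    return m.groupdict() if m else None


def explain(line: str, rules: Dict[str, str]) -> dict:
    """Resolve a denial against the rules and say whether the policy text accounts for it."""
    d = parse_denial(line)
    if d is None:
        return {"parsed": False, "line": line}
    want = MODE_WORDS.get(d["mode"], d["mode"][0])
    rule_path, modes = match_rule(d["path"], rules) or ("<none>", "")
    granted = "h" not in modes and want in modes
    result = {"parsed": True, "subject": d["subject"], "path": d["path"],
              "wanted": want, "matched_rule": rule_path, "modes": modes,
              "granted_by_policy": granted}
    if granted:
        result["note"] = "object rules already grant this access; look elsewhere for the cause"
    else:
        result["suggested_object"] = f"{d['path']} {want}"
    return result


if __name__ == "__main__":
    rules = parse_rules(POLICY)
    for entry in SAMPLE_LOG:
        print(explain(entry, rules))
```

Run as written, the first line resolves to the "/proc r" rule, so in this model the posted policy already grants the read and the denial is not explained by the object rules (consistent with the observation later in the thread that it did not behave like a policy problem); the constructed second line resolves to the mode-less "/var/log" rule and yields the missing object "/var/log/btmp w".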

me too

Posted: Tue May 10, 2005 8:23 pm
by bmcmurphy
I've had the same problem with 2.6.11. I wasn't convinced it was due to RBAC though, because after sshd gets into this state, disabling grsecurity doesn't fix the problem. In order to fix it, I usually have to restart sshd, although sometimes just killing a few of the sshd processes is enough.

If you disable grsec, does sshd start accepting connections again?

Jim

Posted: Wed May 11, 2005 12:49 am
by pac_red
Yes,
./gradm -D

allows me to ssh onto the box without rebooting or killing processes.

Thank you for your reply.

sshd 4.0

Posted: Fri May 13, 2005 4:19 pm
by bmcmurphy
I just upgraded to sshd 4.0p1 and this problem has gone away for me. However, if I set my policy to restrict access to /etc for sshd, the entire system slows to a crawl when an ssh client connects.

I ended up having to give read access to certain files such as /etc/passwd, /etc/ldap.conf, and a bunch of other ones, and used ext3 ACLs to restrict access on those same files. It's an ugly workaround, but the performance is fast and the files are still safe.

Cheers,

bmc