
No such file or directory when trying to ssh

Open nardusg opened this issue 5 years ago • 15 comments

Hi

Running out of ideas and been googling a lot. When I log in I get logged out immediately. When I try to test from the shell when logged in, it works fine. Any ideas?

Centos 8, journal writer

Aug 17 14:59:38 server-01 -tlog-rec-session[8071]: {"ver":"2.2","host":"server-01","rec":"996685db744e446eaef0ea2943452606-1f87-222f0","user":"myuser","term":"screen-256color","session":9,"id":1,"pos":0,"timing":"=105x25+1>46","in_txt":"","in_bin":[],"out_txt":"No such file or directory\r\nFailed executing \r\n","out_bin":[]}
Aug 17 14:59:38 server-01 sshd[8070]: Received disconnect from 10.97.146.262 port 53674:11: disconnected by user

Thanks

Nar

nardusg avatar Aug 17 '20 13:08 nardusg

Hello,

Perhaps strace will give some clue of what file/directory is attempting to be accessed or executed returning ENOENT (No such file or directory).

justin-stephenson avatar Aug 17 '20 14:08 justin-stephenson

Cool, will have a look, saw some examples. Is the pid the pid of sssd ?

nardusg avatar Aug 17 '20 15:08 nardusg

The problem only happens when logging in with SSSD?

What does your sssd session recording configuration look like? Are you using setup steps similar to the following?

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/recording_sessions/deploying-session-recording-getting-started-with-session-recording

SSSD will look for the tlog-rec-session binary in /usr/bin/tlog-rec-session and it needs to be executable.

justin-stephenson avatar Aug 17 '20 15:08 justin-stephenson

This looks like something set the tlog's shell-to-start to an empty string.

spbnick avatar Aug 17 '20 16:08 spbnick

$ ls -slrth /usr/bin/tlog-rec-session
16K -rwsr-sr-x 1 tlog tlog 13K Apr 7 03:17 /usr/bin/tlog-rec-session

nardusg avatar Aug 17 '20 16:08 nardusg

122568 06:57:03.321255 write(6</var/log/sssd/sssd_somedomain.co.za.log>, "(Tue Aug 18 06:57:03 2020) [sssd[be[somedomain.co.za]]] [simple_check_get_groups_primary] (0x0040): Could not look up primary group [1375800513]: [2][No such file or directory]\n", 170) = 170 <0.000039>

nardusg avatar Aug 18 '20 04:08 nardusg

$ cat sssd-session-recording.conf
[session_recording]
scope=all

nardusg avatar Aug 18 '20 05:08 nardusg

122568 06:57:03.321255 write(6</var/log/sssd/sssd_somedomain.co.za.log>, "(Tue Aug 18 06:57:03 2020) [sssd[be[somedomain.co.za]]] [simple_check_get_groups_primary] (0x0040): Could not look up primary group [1375800513]: [2][No such file or directory]\n", 170) = 170 <0.000039>

This is the only reference that I get pointing to "No such file or directory" in the strace

nardusg avatar Aug 18 '20 05:08 nardusg

When SSSD overlays the session recording configuration for tlog, SSSD sets an environment variable, TLOG_REC_SESSION_SHELL, to the original user's shell. When tlog-rec-session is run, it executes the actual user's shell to spawn inside of a recorded process.

If I run the following on my system to indicate an empty string retrieved as the user's original shell:

$ export TLOG_REC_SESSION_SHELL=""
$ tlog-rec-session -c ls

Then I see the same error as you.

MESSAGE={"ver":"2.2","host":"agalloch.attlocal.net","rec":"811a02dbdd7e48269e6d594bf96aa51b-14b05-61bf20","user":"justin","term":"screen","session":3,"id":1,"pos":0,"timing":"=238x54+1>46","in_txt":"","in_bin":[],"out_txt":"No such file or directory\r\nFailed executing \r\n","out_bin":[]}

SSSD should read the user's original shell from NSS (getent passwd $user). Note that you will need to change scope=none in the session recording section first, otherwise NSS will return tlog-rec-session as the user's shell. You may also want to check the 'passwd' line in /etc/nsswitch.conf.

justin-stephenson avatar Aug 18 '20 13:08 justin-stephenson

Hi @nardusg, did you have any luck figuring out the issue?

justin-stephenson avatar Aug 21 '20 13:08 justin-stephenson

Sorry, still busy. Will check over the weekend or later today

nardusg avatar Aug 21 '20 13:08 nardusg

I had the same error due to getent passwd $user not returning a shell (LDAP did not contain that value). This was fixed by placing the following in /etc/sssd/sssd.conf:

[domain/default]
...
default_shell = /bin/bash

Serverhamster avatar Dec 17 '20 14:12 Serverhamster
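The `getent passwd` check suggested in the two comments above, written out as a script. This is an added example, not part of the thread and not tlog or SSSD code; the function name `check_entry` and its verdict words are assumptions, and the sample records used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not tlog or SSSD code. TLOG_BIN is the path quoted in the thread.
TLOG_BIN=/usr/bin/tlog-rec-session

# check_entry LINE: LINE is one passwd(5) record, e.g. from `getent passwd USER`.
# Prints one verdict (hypothetical names chosen for this example):
#   nouser     no record was returned at all
#   malformed  record does not have the 7 colon-separated passwd fields
#   empty      shell field is empty; an empty shell reproduces "Failed executing"
#   recorded   shell is tlog-rec-session itself (recording overlay is active,
#              so the original shell is hidden; re-check with scope=none)
#   missing    shell names a path that is not an executable file on this host
#   ok         shell names an executable file
check_entry() {
    line=$1
    [ -n "$line" ] || { echo nouser; return 0; }
    nf=$(printf '%s\n' "$line" | awk -F: '{ print NF }')
    [ "$nf" -eq 7 ] || { echo malformed; return 0; }
    sh_path=${line##*:}          # text after the last colon is field 7
    if [ -z "$sh_path" ]; then
        echo empty
    elif [ "$sh_path" = "$TLOG_BIN" ]; then
        echo recorded
    elif [ ! -f "$sh_path" ] || [ ! -x "$sh_path" ]; then
        echo missing
    else
        echo ok
    fi
}

# Stand-alone use: ./check_shell.sh USER
if [ "$#" -gt 0 ]; then
    check_entry "$(getent passwd "$1")"
fi
```

A verdict of `empty` with scope=none set matches the case fixed above with default_shell.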

Hello,

I'm using Fedora 33 and installed tlog from the repositories. I also followed https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/recording_sessions/index to set it up correctly.

But I'm getting the same issue, I can't log in with ssh from a remote machine anymore. SSH gets me:

No such file or directory
Failed setting locale from environment variables
Connection to xxx closed.

getent passwd username is showing me "/usr/bin/tlog-rec-session" as the shell, which should be correct:

username:x:1000:1000:username:/home/username:/usr/bin/tlog-rec-session

Permissions for /usr/bin/tlog-rec-session:

-rwsr-sr-x. 1 tlog tlog 16072 Jan 19 22:31 /usr/bin/tlog-rec-session

If I do an ssh username@localhost it is working, showing me the recording warning in motd, and it is recording my actions. I do not have an /etc/sssd/sssd.conf. I also tried creating one with this content:

[domain/local]
id_provider = files
# I also tried without the following line
default_shell = /bin/bash

[sssd]
domains = local

I also tried the same on a freshly installed Fedora 33 machine. Same issue. Version installed is: tlog-11-1.fc33.src.rpm

What can I do? :-/

Thanks.

Marcwa19197 avatar Apr 24 '21 20:04 Marcwa19197

I tried out the configuration without sssd. So I changed the shell for the user manually using "chsh username" to /usr/bin/tlog-rec-session.

SSH into it worked, but not from every ssh client. So I think this must be a client configuration.

It is working from an Ubuntu 18.04 machine, but for example not from my local macOS machine.

Marcwa19197 avatar Apr 25 '21 16:04 Marcwa19197

> Hello,
>
> I'm using Fedora 33 and installed tlog from the repositories. I also followed https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/recording_sessions/index to set it up correctly.
>
> But I'm getting the same issue, I can't log in with ssh from a remote machine anymore. SSH gets me:
>
> No such file or directory
> Failed setting locale from environment variables
> Connection to xxx closed.

Hi, the failure happens when attempting to set the locale from environment variables, the LC_* and LANG set of variables.

> I tried out the configuration without sssd. So I changed the shell for the user manually using "chsh username" to /usr/bin/tlog-rec-session.
>
> SSH into it worked, but not from every ssh client. So I think this must be a client configuration.

Do you have SendEnv defined in your client SSH configuration? Please investigate the difference in client profile settings, especially related to language/locale environment variables.

justin-stephenson avatar Apr 26 '21 13:04 justin-stephenson
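One way to compare the locale variables a session receives against the locales installed on the server, following the suggestion above. This is an added example, not part of the thread and not tlog or OpenSSH code; the function names `norm` and `missing_locales` are assumptions, and the sample values used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not tlog or OpenSSH code.

# norm TEXT: lower-case and drop hyphens so en_US.UTF-8 and en_US.utf8 compare equal.
norm() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d '-'
}

# missing_locales AVAILABLE VAR=VALUE...
#   AVAILABLE  newline-separated locale names, as printed by `locale -a` on the server
#   VAR=VALUE  environment settings as the session receives them
# Prints every LANG/LC_* setting whose value is not an installed locale.
missing_locales() {
    avail=$(norm "$1")
    shift
    for kv in "$@"; do
        case $kv in
            LANG=*|LC_*=*) ;;          # only locale variables are checked
            *) continue ;;
        esac
        val=${kv#*=}
        if [ -n "$val" ] && ! printf '%s\n' "$avail" | grep -qxF -- "$(norm "$val")"; then
            printf '%s\n' "$kv"
        fi
    done
    return 0
}

# Stand-alone use on the server, from a session started by the failing client:
#   ./check_locale.sh run
if [ "${1:-}" = run ]; then
    missing_locales "$(locale -a)" $(env | grep -E '^(LANG|LC_[A-Z]+)=')
fi
```

Any line it prints names a variable to compare against the client's SendEnv settings.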