[FIXED] ubuntu 14.04 container with ssh login issues #5663
Comments
Hmm... after a good night's sleep, this seems to be related to #5529
I've just restarted debugging the issue. This does seem to relate to the non-writeable /proc/ for the SSH daemon (mentioned in #5529). I've now come to the conclusion that since the 0.11 (and 0.11.1) versions, in order to run the SSH daemon the container itself has to be started in Does this have any other side effects? (when the app is trusted etc.)
After doing more searches and searches I found #5554 and from there I changed my Dockerfile to include the sed command:
It solves the issue: I can now run
The change to /etc/pam.d/sshd worked for me. Thanks, I'd been banging my head.
Thank you. I have the same issue and it works for me.
@SvenDowideit wouldn't it make sense to add this sed to the "running_ssh_service" example page, and update it to explicitly use 14.04 now?
+1 to @tianon's comment above... I threw many hours at this last night, even suspected pam problems at one point but others were so skeptical I looked no farther in that direction and kept chasing other leads. The example at http://docs.docker.io/examples/running_ssh_service/ really should be updated and confirmed to work for 14.04.
+1 to @fruitl00p fix
Fixed by #5903
I just had this issue, but I also have it with ubuntu:13.10 container image
@Gaetan- It's not the container that's the issue, it's the elevated security features in docker 0.11 before the fix of #5903 :)
Oh! ok, thank you, I did not understand all that very well ;)
It's fixed on Docker 1.0.1.
sed -ri 's/^session\s+required\s+pam_loginuid.so$/session optional pam_loginuid.so/' /etc/pam.d/sshd
I posted an explanation for this issue, which affects most Linux distributions as guests, but not Ubuntu >= Wily (15.10), on LXC issue 661.
sshd containers don't let logins on some systems with older PAM library because /proc/self/loginuid is not always readable or writeable. Examples of possible failures on such systems are erroneous cold and live migrations. This fix does not upgrade PAM but makes pam_loginuid optional for nova_ssh and keystone_ssh.
More information:
moby/moby#5663
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726661
https://git.fedorahosted.org/cgit/linux-pam.git/tree/modules/pam_loginuid/pam_loginuid.c#n61
Change-Id: Ic14255b042ceedcff536c062bdcba00502af7a87
Closes-Bug: #1651395
I've tried to use this Docker image with AWS ECS but always got a PAM exception, as suggested in this Docker issue moby/moby#5663. The sed command I just added fixed the issue of connecting via SSH to a Docker container.
After booting a container that starts a script which in the background runs a
service ssh start
I'm unable to log in remotely. (the logs showing:
BUT after running
sed '/pam_loginuid.so/s/^/#/g' -i /etc/pam.d/*
inside the container everything works.
docker info:
docker version:
(this is based on a clean install on EC2 using the get.docker.io userdata way)
I haven't had this issue on an 0.10 docker version running via the devicemapper storage driver... Does that have anything to do with this?
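
The narrower of the two fixes in this thread (making pam_loginuid optional for one service instead of commenting it out across /etc/pam.d/*), as an added example that is not code from the issue or from Docker: it lists the PAM files that still mark pam_loginuid as required and rewrites a single file idempotently. The function names and the constructed sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Matches "session required pam_loginuid.so" with any spacing or trailing args.
LOGINUID_REQ='^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_loginuid\.so'

# Print every file in DIR (default /etc/pam.d) that still requires pam_loginuid.
loginuid_required_files() {
    pam_dir=${1:-/etc/pam.d}
    grep -lE "$LOGINUID_REQ" "$pam_dir"/* 2>/dev/null || true
}

# Change "required" to "optional" for pam_loginuid in one PAM file only.
# Returns 0 if the file was changed, 1 if nothing needed changing, 2 on error.
loginuid_make_optional() {
    pam_file=$1
    [ -f "$pam_file" ] || return 2
    grep -qE "$LOGINUID_REQ" "$pam_file" || return 1
    pam_tmp=$(mktemp) || return 2
    if ! sed -E 's/^([[:space:]]*session[[:space:]]+)required([[:space:]]+pam_loginuid\.so)/\1optional\2/' \
            "$pam_file" > "$pam_tmp"; then
        rm -f "$pam_tmp"
        return 2
    fi
    # Write back through the existing file so owner and mode are preserved.
    cat "$pam_tmp" > "$pam_file"
    rm -f "$pam_tmp"
    return 0
}

# Constructed sample: a throwaway directory shaped like /etc/pam.d.
make_sample_pam_dir() {
    sample=$(mktemp -d) || return 2
    printf '%s\n' '# constructed sample' \
        'session    required     pam_loginuid.so' \
        'session    required     pam_limits.so' > "$sample/sshd"
    printf '%s\n' 'session    required   pam_loginuid.so' > "$sample/cron"
    printf '%s\n' 'session    optional   pam_loginuid.so' > "$sample/login"
    echo "$sample"
}
```

In a Dockerfile this would be applied to /etc/pam.d/sshd only, so other services keep their existing pam_loginuid setting.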