[Thinlinc-technical] sshd error msg
Patrik Pira
papira at p.homeunix.net
Tue Jan 18 14:40:10 CET 2011
On 01/18/2011 04:06 AM, h zerbes wrote:
> On 18/01/11 06:29, Christian Nygaard wrote:
>> The recommended way is to run Thinlinc without Apparmor although less
>> secure it is more compatible.
>> I've run into problems running for example evince with Apparmor on.
Evince has a restricted apparmor profile on recent ubuntu distros. What
you are seeing is that evince is not allowed to read your xauthority
file as this resides in /var/opt/thinlinc/sessions/<username>.
You can add /var/opt/thinlinc/sessions as an "additional home directory
location" in apparmor, just do "sudo dpkg-reconfigure apparmor".
> Thanks again, Christian!
>
> I turned off apparmor using /etc/init.d/apparmor teardown and restarted
> the vsmserver.
> As soon as I succesfully connect via thinlinc from a Ubuntu 10.10
> desktop to the thinlinc server running Ubuntu 10.04 LTS desktop in a
> VMware virtual machine, I get:
>
>
> ==> auth.log <==
> Jan 18 13:58:57 srv205 sshd[2379]: Accepted password for guest from
> 172.27.26.15 port 50306 ssh2
> Jan 18 13:58:57 srv205 sshd[2379]: pam_unix(sshd:session): session
> opened for user guest by (uid=0)
>
> ==> vsmserver.log <==
> 2011-01-18 13:58:57 INFO vsmserver.session: User with uid 1001 (guest)
> requested a new session
>
> ==> auth.log <==
> Jan 18 13:58:58 srv205 sshd[2379]: pam_unix(sshd:session): session
> closed for user guest
> Jan 18 13:58:58 srv205 sshd[2495]: Accepted password for guest from
> 172.27.26.15 port 50308 ssh2
> Jan 18 13:58:58 srv205 sshd[2495]: pam_unix(sshd:session): session
> opened for user guest by (uid=0)
>
> ==> vsmserver.log <==
> 2011-01-18 13:58:58 INFO vsmserver: VSM Agent 127.0.0.1 successfully
> created a new session for guest
> ==> auth.log <==
> Jan 18 14:01:15 srv205 sshd[2617]: last message repeated 16 times
> Jan 18 14:01:15 srv205 sshd[2939]: Accepted publickey for root from
> 172.27.26.15 port 50379 ssh2
> Jan 18 14:01:15 srv205 sshd[2939]: pam_unix(sshd:session): session
> opened for user root by (uid=0)
> Jan 18 14:01:18 srv205 sshd[2617]: channel 11: open failed: connect
> failed: Connection refused
> Jan 18 14:02:19 srv205 sshd[2617]: last message repeated 25 times
>
> ==> syslog <==
> Jan 18 13:59:31 srv205 kernel: [ 2074.089514] RPC: Registered udp
> transport module.
> Jan 18 13:59:31 srv205 kernel: [ 2074.089516] RPC: Registered tcp
> transport module.
> Jan 18 13:59:31 srv205 kernel: [ 2074.089518] RPC: Registered tcp
> NFSv4.1 backchannel transport module.
>
> ==> auth.log <==
> Jan 18 13:59:32 srv205 sshd[2617]: channel 11: open failed: connect
> failed: Connection refused
>
> ==> syslog <==
> Jan 18 13:59:32 srv205 gnome-session[2691]: WARNING: Unable to determine
> session: Unable to lookup session information for process '2691'
>
> ==> auth.log <==
> Jan 18 14:00:01 srv205 sshd[2617]: last message repeated 11 times
> Jan 18 14:00:01 srv205 CRON[2855]: pam_unix(cron:session): session
> opened for user root by (uid=0)
> Jan 18 14:00:01 srv205 CRON[2855]: pam_unix(cron:session): session
> closed for user root
>
> ==> syslog <==
> Jan 18 14:00:01 srv205 CRON[2856]: (root) CMD
> (/opt/thinlinc/sbin/tl-collect-licensestats)
>
> ==> auth.log <==
> Jan 18 14:00:03 srv205 sshd[2617]: channel 11: open failed: connect
> failed: Connection refused
>
> ==> syslog <==
> Jan 18 14:00:12 srv205 NetworkManager: <info> Unmanaged Device found;
> state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
>
> ==> auth.log <==
> Jan 18 14:00:34 srv205 sshd[2617]: last message repeated 14 times
>
> ==> syslog <==
> Jan 18 14:00:12 srv205 NetworkManager: <info> Unmanaged Device found;
> state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
> Jan 18 14:00:35 srv205 AptDaemon: INFO: Initializing daemon
>
>
>
> ==> vsmserver.log <==
> 2011-01-18 13:25:24 INFO vsmserver.license: License summary: 10
> concurrent users. Hard limit of 11 concurrent users.
> 2011-01-18 13:25:24 INFO vsmserver.session: Loaded 0 sessions for 0
> users from file
> 2011-01-18 13:57:31 INFO vsmserver: Got SIGTERM, signaling process to quit
> 2011-01-18 13:57:31 INFO vsmserver: Terminating. Have a nice day!
> 2011-01-18 13:57:33 INFO vsmserver: VSM Server version 3.1.2 build 2751
> started
> 2011-01-18 13:57:33 INFO vsmserver.license: Updating license data from
> disk to memory
> 2011-01-18 13:57:33 INFO vsmserver.license: License summary: 10
> concurrent users. Hard limit of 11 concurrent users.
> 2011-01-18 13:57:33 INFO vsmserver.session: Loaded 0 sessions for 0
> users from file
> 2011-01-18 13:58:57 INFO vsmserver.session: User with uid 1001 (guest)
> requested a new session
> 2011-01-18 13:58:58 INFO vsmserver: VSM Agent 127.0.0.1 successfully
> created a new session for guest
>
> Any ideas where the
>
> channel 11: open failed: connect failed: Connection refused
>
> comes from every two seconds?
>
> Regards,
> heinz
>
>
>
>>
>> Kind regards,
>> Christian
>>
>> 2011/1/17 h zerbes <heze54 at gmail.com <mailto:heze54 at gmail.com>>
>>
>> Hello Christian,
>>
>> I guess I left an important bit out in my mail: I can successfully
>> connect from the thinclient to the server and get the X11 display
>> back, no problem.
>>
>> tl-setup initially gave some warnings which I wrote down, then
>> installed:
>>
>>
>> lsb-graphics-ia32
>> pyhton-ldap
>> apache2
>>
>> for webmin:
>> perl5
>> libnet-ssleay-perl libauthen-pam-perl libio-pty-perl
>> apt-show-versions libapt-pkg-perl
>> download webmin.deb and install
>>
>> and then run the thinlinc installer again. This time no error msg.
>>
>> Hmm, apparmor is news to me, although I've been working with Linux
>> for more than 20 years! Wow... But it is loaded:
>>
>> root at srv205:/var/log# apparmor_status
>> apparmor module is loaded.
>> 10 profiles are loaded.
>> 10 profiles are in enforce mode.
>> /sbin/dhclient3
>> /usr/bin/evince
>> /usr/bin/evince-previewer
>> /usr/bin/evince-thumbnailer
>> /usr/lib/NetworkManager/nm-dhcp-client.action
>> /usr/lib/connman/scripts/dhclient-script
>> /usr/lib/cups/backend/cups-pdf
>> /usr/sbin/cupsd
>> /usr/sbin/tcpdump
>> /usr/share/gdm/guest-session/Xsession
>> 0 profiles are in complain mode.
>> 1 processes have profiles defined.
>> 1 processes are in enforce mode :
>> /usr/sbin/cupsd (7998)
>> 0 processes are in complain mode.
>> 0 processes are unconfined but have a profile defined.
>>
>>
>> And ssh is allowed.
>>
>> Sorry for the confusion, thinlinc client works, but I was checking
>> /var/log/syslog to see if something complains when I noticed those
>> error msgs.
>>
>> Any suggestions?
>>
>> Thanks,
>> heinz
>>
>>
>>
>>
>> On 17/01/11 21:39, Christian Nygaard wrote:
>>> Hi!
>>>
>>> Did the tl-setup succeed?
>>> Have you tried manual ssh from the thinclient to the vsmagent?
>>> Is Apparmor disabled?
>>> Is iptables allowing ssh?
>>>
>>> Kind regards,
>>> Christian
>>>
>>> 2011/1/17 h zerbes <heze54 at gmail.com <mailto:heze54 at gmail.com>>
>>>
>>> Hello,
>>>
>>> after installing thinlinc-3.1.2-servercd.iso on a patched
>>> Ubuntu 10.04 running
>>> in an ESXi VM, I get tons of msgs in syslog:
>>>
>>> Jan 16 23:32:57 srv205 sshd[27296]: channel 11: open failed:
>>> connect failed:
>>> Connection refused
>>> Jan 16 23:32:59 srv205 sshd[28291]: channel 11: open failed:
>>> connect failed:
>>> Connection refused
>>> Jan 16 23:33:00 srv205 sshd[28291]: channel 11: open failed:
>>> connect failed:
>>> Connection refused
>>> Jan 16 23:33:02 srv205 sshd[27296]: channel 11: open failed:
>>> connect failed:
>>> Connection refused
>>> Jan 16 23:33:02 srv205 sshd[27296]: channel 12: open failed:
>>> connect failed:
>>> Connection refused
>>> Jan 16 23:33:04 srv205 sshd[28291]: channel 11: open failed:
>>> connect failed:
>>> Connection refused
>>> Jan 16 23:33:05 srv205 sshd[28291]: channel 11: open failed:
>>> connect failed:
>>> Connection refused
>>>
>>>
>>> while connected with the thinlinc client (from a different
>>> Ubuntu 10.10 desktop).
>>>
>>> Any ideas how to find out what channels 11 and 12 mean? There
>>> are no other TCP
>>> packets going between the two hosts than ssh.
>>>
>>> TIA,
>>> henry
>>>
>>>
>>>
>>> _______________________________________________
>>> Thinlinc-technical mailing list
>>> Thinlinc-technical at lists.cendio.se
>>> <mailto:Thinlinc-technical at lists.cendio.se>
>>> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>>>
>>>
>>>
>>
>>
>>
>>
>> --
>> Christian Nygaard, Sysadmin Room: 1:4115
>> Department of Mathematics,
>> Uppsala University.
>> Phone: +46 (0)18 - 471 32 77
>> Mobile: +46 (0)704 - 91 50 22
>>
>
>
>
> _______________________________________________
> Thinlinc-technical mailing list
> Thinlinc-technical at lists.cendio.se
> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
More information about the Thinlinc-technical
mailing list