[Thinlinc-technical] sshd error msg

Patrik Pira papira at p.homeunix.net
Tue Jan 18 14:40:10 CET 2011 

On 01/18/2011 04:06 AM, h zerbes wrote:
> On 18/01/11 06:29, Christian Nygaard wrote:
>> The recommended way is to run Thinlinc without Apparmor although less
>> secure it is more compatible.
>> I've run into problems running for example evince with Apparmor on.

Evince has a restricted apparmor profile on recent ubuntu distros. What 
you are seeing is that evince is not allowed to read your xauthority 
file as this resides in /var/opt/thinlinc/sessions/<username>.

You can add /var/opt/thinlinc/sessions as an "additional home directory 
location" in apparmor, just do "sudo dpkg-reconfigure apparmor".


> Thanks again, Christian!
>
> I turned off apparmor using /etc/init.d/apparmor teardown and restarted
> the vsmserver.
> As soon as I succesfully connect via thinlinc from a Ubuntu 10.10
> desktop to the thinlinc server running Ubuntu 10.04 LTS desktop in a
> VMware virtual machine, I get:
>
>
> ==> auth.log <==
> Jan 18 13:58:57 srv205 sshd[2379]: Accepted password for guest from
> 172.27.26.15 port 50306 ssh2
> Jan 18 13:58:57 srv205 sshd[2379]: pam_unix(sshd:session): session
> opened for user guest by (uid=0)
>
> ==> vsmserver.log <==
> 2011-01-18 13:58:57 INFO vsmserver.session: User with uid 1001 (guest)
> requested a new session
>
> ==> auth.log <==
> Jan 18 13:58:58 srv205 sshd[2379]: pam_unix(sshd:session): session
> closed for user guest
> Jan 18 13:58:58 srv205 sshd[2495]: Accepted password for guest from
> 172.27.26.15 port 50308 ssh2
> Jan 18 13:58:58 srv205 sshd[2495]: pam_unix(sshd:session): session
> opened for user guest by (uid=0)
>
> ==> vsmserver.log <==
> 2011-01-18 13:58:58 INFO vsmserver: VSM Agent 127.0.0.1 successfully
> created a new session for guest
> ==> auth.log <==
> Jan 18 14:01:15 srv205 sshd[2617]: last message repeated 16 times
> Jan 18 14:01:15 srv205 sshd[2939]: Accepted publickey for root from
> 172.27.26.15 port 50379 ssh2
> Jan 18 14:01:15 srv205 sshd[2939]: pam_unix(sshd:session): session
> opened for user root by (uid=0)
> Jan 18 14:01:18 srv205 sshd[2617]: channel 11: open failed: connect
> failed: Connection refused
> Jan 18 14:02:19 srv205 sshd[2617]: last message repeated 25 times
>
> ==> syslog <==
> Jan 18 13:59:31 srv205 kernel: [ 2074.089514] RPC: Registered udp
> transport module.
> Jan 18 13:59:31 srv205 kernel: [ 2074.089516] RPC: Registered tcp
> transport module.
> Jan 18 13:59:31 srv205 kernel: [ 2074.089518] RPC: Registered tcp
> NFSv4.1 backchannel transport module.
>
> ==> auth.log <==
> Jan 18 13:59:32 srv205 sshd[2617]: channel 11: open failed: connect
> failed: Connection refused
>
> ==> syslog <==
> Jan 18 13:59:32 srv205 gnome-session[2691]: WARNING: Unable to determine
> session: Unable to lookup session information for process '2691'
>
> ==> auth.log <==
> Jan 18 14:00:01 srv205 sshd[2617]: last message repeated 11 times
> Jan 18 14:00:01 srv205 CRON[2855]: pam_unix(cron:session): session
> opened for user root by (uid=0)
> Jan 18 14:00:01 srv205 CRON[2855]: pam_unix(cron:session): session
> closed for user root
>
> ==> syslog <==
> Jan 18 14:00:01 srv205 CRON[2856]: (root) CMD
> (/opt/thinlinc/sbin/tl-collect-licensestats)
>
> ==> auth.log <==
> Jan 18 14:00:03 srv205 sshd[2617]: channel 11: open failed: connect
> failed: Connection refused
>
> ==> syslog <==
> Jan 18 14:00:12 srv205 NetworkManager: <info> Unmanaged Device found;
> state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
>
> ==> auth.log <==
> Jan 18 14:00:34 srv205 sshd[2617]: last message repeated 14 times
>
> ==> syslog <==
> Jan 18 14:00:12 srv205 NetworkManager: <info> Unmanaged Device found;
> state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
> Jan 18 14:00:35 srv205 AptDaemon: INFO: Initializing daemon
>
>
>
> ==> vsmserver.log <==
> 2011-01-18 13:25:24 INFO vsmserver.license: License summary: 10
> concurrent users. Hard limit of 11 concurrent users.
> 2011-01-18 13:25:24 INFO vsmserver.session: Loaded 0 sessions for 0
> users from file
> 2011-01-18 13:57:31 INFO vsmserver: Got SIGTERM, signaling process to quit
> 2011-01-18 13:57:31 INFO vsmserver: Terminating. Have a nice day!
> 2011-01-18 13:57:33 INFO vsmserver: VSM Server version 3.1.2 build 2751
> started
> 2011-01-18 13:57:33 INFO vsmserver.license: Updating license data from
> disk to memory
> 2011-01-18 13:57:33 INFO vsmserver.license: License summary: 10
> concurrent users. Hard limit of 11 concurrent users.
> 2011-01-18 13:57:33 INFO vsmserver.session: Loaded 0 sessions for 0
> users from file
> 2011-01-18 13:58:57 INFO vsmserver.session: User with uid 1001 (guest)
> requested a new session
> 2011-01-18 13:58:58 INFO vsmserver: VSM Agent 127.0.0.1 successfully
> created a new session for guest
>
> Any ideas where the
>
> channel 11: open failed: connect failed: Connection refused
>
> comes from every two seconds?
>
> Regards,
> heinz
>
>
>
>>
>> Kind regards,
>> Christian
>>
>> 2011/1/17 h zerbes <heze54 at gmail.com <mailto:heze54 at gmail.com>>
>>
>>     Hello Christian,
>>
>>     I guess I left an important bit out in my mail: I can successfully
>>     connect from the thinclient to the server and get the X11 display
>>     back, no problem.
>>
>>     tl-setup initially gave some warnings which I wrote down, then
>>     installed:
>>
>>
>>     lsb-graphics-ia32
>>     pyhton-ldap
>>     apache2
>>
>>     for webmin:
>>     perl5
>>     libnet-ssleay-perl libauthen-pam-perl libio-pty-perl
>>     apt-show-versions libapt-pkg-perl
>>     download webmin.deb and install
>>
>>     and then run the thinlinc installer again. This time no error msg.
>>
>>     Hmm, apparmor is news to me, although I've been working with Linux
>>     for more than 20 years! Wow... But it is loaded:
>>
>>     root at srv205:/var/log# apparmor_status
>>     apparmor module is loaded.
>>     10 profiles are loaded.
>>     10 profiles are in enforce mode.
>>     /sbin/dhclient3
>>     /usr/bin/evince
>>     /usr/bin/evince-previewer
>>     /usr/bin/evince-thumbnailer
>>     /usr/lib/NetworkManager/nm-dhcp-client.action
>>     /usr/lib/connman/scripts/dhclient-script
>>     /usr/lib/cups/backend/cups-pdf
>>     /usr/sbin/cupsd
>>     /usr/sbin/tcpdump
>>     /usr/share/gdm/guest-session/Xsession
>>     0 profiles are in complain mode.
>>     1 processes have profiles defined.
>>     1 processes are in enforce mode :
>>     /usr/sbin/cupsd (7998)
>>     0 processes are in complain mode.
>>     0 processes are unconfined but have a profile defined.
>>
>>
>>     And ssh is allowed.
>>
>>     Sorry for the confusion, thinlinc client works, but I was checking
>>     /var/log/syslog to see if something complains when I noticed those
>>     error msgs.
>>
>>     Any suggestions?
>>
>>     Thanks,
>>     heinz
>>
>>
>>
>>
>>     On 17/01/11 21:39, Christian Nygaard wrote:
>>>     Hi!
>>>
>>>     Did the tl-setup succeed?
>>>     Have you tried manual ssh from the thinclient to the vsmagent?
>>>     Is Apparmor disabled?
>>>     Is iptables allowing ssh?
>>>
>>>     Kind regards,
>>>     Christian
>>>
>>>     2011/1/17 h zerbes <heze54 at gmail.com <mailto:heze54 at gmail.com>>
>>>
>>>         Hello,
>>>
>>>         after installing thinlinc-3.1.2-servercd.iso on a patched
>>>         Ubuntu 10.04 running
>>>         in an ESXi VM, I get tons of msgs in syslog:
>>>
>>>         Jan 16 23:32:57 srv205 sshd[27296]: channel 11: open failed:
>>>         connect failed:
>>>         Connection refused
>>>         Jan 16 23:32:59 srv205 sshd[28291]: channel 11: open failed:
>>>         connect failed:
>>>         Connection refused
>>>         Jan 16 23:33:00 srv205 sshd[28291]: channel 11: open failed:
>>>         connect failed:
>>>         Connection refused
>>>         Jan 16 23:33:02 srv205 sshd[27296]: channel 11: open failed:
>>>         connect failed:
>>>         Connection refused
>>>         Jan 16 23:33:02 srv205 sshd[27296]: channel 12: open failed:
>>>         connect failed:
>>>         Connection refused
>>>         Jan 16 23:33:04 srv205 sshd[28291]: channel 11: open failed:
>>>         connect failed:
>>>         Connection refused
>>>         Jan 16 23:33:05 srv205 sshd[28291]: channel 11: open failed:
>>>         connect failed:
>>>         Connection refused
>>>
>>>
>>>         while connected with the thinlinc client (from a different
>>>         Ubuntu 10.10 desktop).
>>>
>>>         Any ideas how to find out what channels 11 and 12 mean? There
>>>         are no other TCP
>>>         packets going between the two hosts than ssh.
>>>
>>>         TIA,
>>>         henry
>>>
>>>
>>>
>>>         _______________________________________________
>>>         Thinlinc-technical mailing list
>>>         Thinlinc-technical at lists.cendio.se
>>>         <mailto:Thinlinc-technical at lists.cendio.se>
>>>         http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>>>
>>>
>>>
>>
>>
>>
>>
>> --
>> Christian Nygaard, Sysadmin Room: 1:4115
>> Department of Mathematics,
>> Uppsala University.
>> Phone: +46 (0)18 - 471 32 77
>> Mobile: +46 (0)704 - 91 50 22
>>
>
>
>
> _______________________________________________
> Thinlinc-technical mailing list
> Thinlinc-technical at lists.cendio.se
> http://lists.cendio.se/mailman/listinfo/thinlinc-technical

More information about the Thinlinc-technical mailing list