[Bug 1377924] Re: ecryptfs fails to mount (Unable to link the KEY_SPEC_USER_KEYRING into the KEY_SPEC_SESSION_KEYRING)
Eugene San
eugenesan at gmail.com
Sat Dec 27 08:28:01 UTC 2014
The reason for the failure seems to be in default configuration of PAM
for SSH.
If I understand correctly, PAM is configured to enforce session keys revocation upon termination of parent SSHD process:
--- /etc/pam.d/sshd ---
...
# Create a new session keyring.
session optional pam_keyinit.so force revoke
...
---
Some environments connect using ssh and then "detach" from it, which
probably causes session key termination.
As a workaround I propose commenting out "force revoke" in
/etc/pam.d/sshd.
Note: There might be security related repercussions!
** Package changed: apparmor (Ubuntu) => pam (Ubuntu)
** Package changed: linux (Ubuntu) => x2goclient (Ubuntu)
** Changed in: x2goclient (Ubuntu)
Status: Opinion => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1377924
Title:
ecryptfs fails to mount (Unable to link the KEY_SPEC_USER_KEYRING into
the KEY_SPEC_SESSION_KEYRING)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1377924/+subscriptions
More information about the Ubuntu-server-bugs
mailing list