Since I spent so much time in finding out why the hell sshd kept crashing when I turned on ldap-support, other people might as well profit from it. <\/p>\n
This is what happened after I turned on ldap-support in \/etc\/nsswitch.conf and \/etc\/pam.d. According to auth.log: <\/p>\n
\n Jun 6 13:59:12 proto sshd[27433]: fatal: buffer_put_cstring: s == NULL<\/p><\/blockquote>\n
messages also knew something: <\/p>\n
Jun 6 13:59:12 proto kernel: pid 27435 (sshd), uid 0: exited on signal 11
\n Jun 6 13:59:12 proto sshd[27433]: fatal: buffer_put_cstring: s == NULL<\/p><\/blockquote>\nAn sshd segmentation fault when trying to log in. According to what I’ve found in bug-reports, it does this if ldap.conf or nss_ldap.conf does not exist. Only these did exist in my case. debugging-output from nss_ldap turned up nothing, pam_ldap doesn’t even support a debug-flag: “This option is recognized by pam_ldap but is presently ignored.” Says so in the man-page. Thank you. <\/p>\n
The key to it was revealed by putting in “debug 5” into ldap.conf and starting sshd with debugging: <\/p>\n
\n# \/usr\/sbin\/sshd -d -d -d
\n[snip]
\nldap_ndelay_off: 7
\nTLS trace: SSL_connect:before\/connect initialization
\nTLS trace: SSL_connect:SSLv2\/v3 write client hello A
\nTLS trace: SSL_connect:SSLv3 read server hello A
\ndebug1: do_cleanup
\nSegmentation fault: 11\n<\/p><\/blockquote>\nWell, it seems you need either to use ldaps:\/\/servername and not ldaps:\/\/IP in ldap.conf so SSL knows which certificate needs to be used, AND it needs a correct certificate. On the other hand, if I just use ldap:\/\/servername without SSL, then local ssh works again, however I seem to have a problem with all the ldap-services. <\/p>\n
Some debugging of an sshd core-file reveals the following: <\/p>\n
\n#928 0x0806820f in sshpam_thread (ctxtp=0x8079f80)
\n at \/usr\/src\/secure\/usr.sbin\/sshd\/..\/..\/..\/crypto\/openssh\/auth-pam.c:469
\nPrevious frame inner to this frame (corrupt stack?)\n<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"Since I spent so much time in finding out why the hell sshd kept crashing when I turned on ldap-support, other people might as well profit from it. This is what happened after I turned on ldap-support in \/etc\/nsswitch.conf and \/etc\/pam.d. According to auth.log: Jun 6 13:59:12 proto sshd[27433]: fatal: buffer_put_cstring: s == NULL messages […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-26","post","type-post","status-publish","format-standard","hentry","category-computers"],"_links":{"self":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/posts\/26","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/comments?post=26"}],"version-history":[{"count":0,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/posts\/26\/revisions"}],"wp:attachment":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/media?parent=26"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/categories?post=26"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/tags?post=26"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}