Subject: Re: emergency advice needed
To: Steve Blinkhorn <steve@prd.co.uk>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: port-i386
Date: 06/30/2006 15:53:25
On Fri, 30 Jun 2006 20:47:40 +0100 (BST), Steve Blinkhorn
<steve@prd.co.uk> wrote:
> >
> > On Fri, Jun 30, 2006 at 07:16:14PM +0100, Steve Blinkhorn wrote:
> > > I think I see where the problem may lie. The window I currently have
> > > open onto this machine is a su shell. But if I try to su again, I
> > > get "pam_start failed". IIRC this relates to the warning in the
> > > docs and what I am most concerned about.
> >
> > Yes, PAM should be the only big problem. You can install /etc/pam.d from
> > the 3.0 etc.tar.gz, that should make PAM working.
> >
> > There used to be a UsePam=no option you could add to /etc/ssh/sshd_config to
> > make it not use PAM, but I can't find this in the docuementation now.
> >
>
> Unfortunately I no longer have a working tar (otherwise I could just
> untar 1.6.2 executables from the ISO image I had intended to mount,
> rather than the 3.0 I actually did). So the question is whether
> there is a way to circumvent PAM so I can login remotely if I get my
> ISP to reboot with the 3.0 kernel.
>
Try doing
echo 'UsePam no' >>/etc/ssh/sshd_config
to add the line. (Yes, that's the right option; I use it.)
Do any of the commands in /rescue work? I see tar there.
Does cat work? Cat the proper files from some other machine in another
window, and use cat to create the files you need in /etc/pam.d. (That
assumes, of course, that mkdir still works -- it's in /rescue, too.)
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb