No such file or directory when trying to ssh

[nardusg]

Hi

Running out of ideas and been googling allot. When I login I get logged out immediately ? When I try to test from shell when logged in it works fine. Any ideas?

Centos 8, journal writer

Aug 17 14:59:38 server-01 -tlog-rec-session[8071]: {"ver":"2.2","host":"server-01","rec":"996685db744e446eaef0ea2943452606-1f87-222f0","user":"myuser","term":"screen-256color","session":9,"id":1,"pos":0,"timing":"=105x25+1>46","in_txt":"","in_bin":[],"out_txt":"No such file or directory\r\nFailed executing \r\n","out_bin":[]}
Aug 17 14:59:38 server-01 sshd[8070]: Received disconnect from 10.97.146.262 port 53674:11: disconnected by user

Thanks

Nar

[justin-stephenson]

Hello,

Perhaps strace will give some clue of what file/directory is attempting to be accessed or executed returning ENOENT (No such file or directory).

[nardusg]

Cool, will have a look, saw some examples. Is the pid the pid of sssd ?

[justin-stephenson]

The problem only happens when logging in with SSSD?

What does your sssd session recording configuration look like? Are you using setup steps similar to the following?

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/recording_sessions/deploying-session-recording-getting-started-with-session-recording

SSSD will look for the tlog-rec-session binary in /usr/bin/tlog-rec-session and it needs to be executable.

[spbnick]

This looks like something set the tlog's shell-to-start to an empty string.

[nardusg]

ls -slrth /usr/bin/tlog-rec-session
16K -rwsr-sr-x 1 tlog tlog 13K Apr 7 03:17 /usr/bin/tlog-rec-session

[nardusg]

122568 06:57:03.321255 write(6</var/log/sssd/sssd_somedomain.co.za.log>, "(Tue Aug 18 06:57:03 2020) [sssd[be[somedomain.co.za]]] [simple_check_get_groups_primary] (0x0040): Could not look up primary group [1375800513]: [2][No such file or directory]\n", 170) = 170 <0.000039>

[nardusg]

cat sssd-session-recording.conf
[session_recording]
scope=all

[nardusg]

122568 06:57:03.321255 write(6</var/log/sssd/sssd_somedomain.co.za.log>, "(Tue Aug 18 06:57:03 2020) [sssd[be[somedomain.co.za]]] [simple_check_get_groups_primary] (0x0040): Could not look up primary group [1375800513]: [2][No such file or directory]\n", 170) = 170 <0.000039>

This is the only reference that I get pointing to "No such file or directory" in the strace

[justin-stephenson]

When SSSD overlays the session recording configuration for tlog, SSSD sets an environment variable TLOG_REC_SESSION_SHELL to the original user's shell, when tlog-rec-session is run it executes the actual user's shell to spawn inside of a recorded process.

If I run the following on my system to indicate an empty string retrieved as the user's original shell:

export TLOG_REC_SESSION_SHELL=""
$ tlog-rec-session -c ls

Then I see the same error as you.

MESSAGE={"ver":"2.2","host":"agalloch.attlocal.net","rec":"811a02dbdd7e48269e6d594bf96aa51b-14b05-61bf20","user":"justin","term":"screen","session":3,"id":1,"pos":0,"timing":"=238x54+1>46","in_txt":"","in_bin":[],"out_txt":"No such file or directory\r\nFailed executing \r\n","out_bin":[]}

SSSD should read the user's original shell from NSS (getent passwd $user). Note that you will need to change scope=none in the session recording section first, otherwise NSS will return tlog-rec-session as the user's shell. You may also want to check the 'passwd' line in /etc/nsswitch.conf

[justin-stephenson]

Hi @nardusg did you have any luck figuring out the issue ?

[nardusg]

Sorry, still busy. Will check over the weekend or later today

[Serverhamster]

I had the same error due to getent passwd $user not returning a shell. (LDAP did not contain that value)
This was fixed by placing the following in /etc/sssd/sssd.conf:

[domain/default]
...
default_shell = /bin/bash

[Marcwa19197]

Hello,

im using Fedora 33 and installed tlog from repositories.
I also followed https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/recording_sessions/index to set it up correctly.

But im getting the same issue, i cant login with ssh from an remote machine anymore.
SSH gets me:

No such file or directory
Failed setting locale from environment variables
Connection to xxx closed.

getent passwd username is showing me the "/usr/bin/tlog-rec-session" as shell, which should be correct:
username:x:1000:1000:username:/home/username:/usr/bin/tlog-rec-session

Permissions for /usr/bin/tlog-rec-session:
-rwsr-sr-x. 1 tlog tlog 16072 Jan 19 22:31 /usr/bin/tlog-rec-session

If i do an ssh username@localhost it is working, showing me the recording-warning in motd and it is recording my actions.
I do not have an /etc/sssd/sssd.conf. I also tried creating one with content:

[domain/local]
id_provider = files
default_shell = /bin/bash #<-- i also tried without that....

[sssd]
domains = local

I also tried the same on a fresh installed Fedora 33 machine. Same issue.
Version installed is: tlog-11-1.fc33.src.rpm

What can i do? :-/

Thanks.

[Marcwa19197]

I tried out the configuration without sssd.
So i changed the Shell for the user manually using "chsh username" to /usr/bin/tlog-rec-session.

SSH into it worked, but not from every ssh client.
So i think this must be an client configuration.

It is working out of an ubuntu 18.04 machine, but for example not from my local mac os machine.

[justin-stephenson]

Hello,

im using Fedora 33 and installed tlog from repositories.
I also followed https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/recording_sessions/index to set it up correctly.

But im getting the same issue, i cant login with ssh from an remote machine anymore.
SSH gets me:

No such file or directory
Failed setting locale from environment variables
Connection to xxx closed.

Hi, the failure happens in attempting setting the locale from environment variables, the LC_* and LANG set of variables.

I tried out the configuration without sssd.
So i changed the Shell for the user manually using "chsh username" to /usr/bin/tlog-rec-session.

SSH into it worked, but not from every ssh client.
So i think this must be an client configuration.

Do you have SendEnv defined in your client SSH configuration? Please investigate the difference in client profile settings, especially related to language/locale environment variables.