The reason for the failure seems to be in default configuration of PAM
for SSH.
If I understand correctly, PAM is configured to enforce session keys revocation
upon termination of parent SSHD process:
--- /etc/pam.d/sshd ---
...
# Create a new session keyring.
session optional pam_keyinit.so force revoke
...
---
Some environments connect using ssh and then "detach" from it, which
probably causes session key termination.
As a workaround I propose commenting out "force revoke" in
/etc/pam.d/sshd.
Note: There might be security related repercussions!
** Package changed: apparmor (Ubuntu) => pam (Ubuntu)
** Package changed: linux (Ubuntu) => x2goclient (Ubuntu)
** Changed in: x2goclient (Ubuntu)
Status: Opinion => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1377924
Title:
ecryptfs fails to mount (Unable to link the KEY_SPEC_USER_KEYRING into
the KEY_SPEC_SESSION_KEYRING)
Status in openssh package in Ubuntu:
Confirmed
Status in pam package in Ubuntu:
Confirmed
Status in x2goclient package in Ubuntu:
Confirmed
Bug description:
This is a reincarnation of Bug #1234412.
Looks like issue is not related to specific kernel versions.
Currently I am observing two Trusty (14.04) machines, with very close
configuration, running same kernel:
3.13.0-36-generic #63-Ubuntu SMP Wed Sep 3 21:30:07 UTC 2014 x86_64.
One is able to mount without the problem but the other is refusing:
$ mount -t ecryptfs sec sec
Unable to link the KEY_SPEC_USER_KEYRING into the KEY_SPEC_SESSION_KEYRING;
there is something wrong with your kernel keyring. Did you build key retention
support into your kernel?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1377924/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
