pam_unix(sshd:session) session opened for user NOT ROOT by (uid=0), then closes immediately using using TortiseSVN
- by codewaggle
I'm having problems accessing an SVN repository using TortoiseSVN 1.7.8.
The SVN repository is on a CentOS 6.3 box and appears to be functioning correctly.
# svnadmin --version
# svnadmin, version 1.6.11 (r934486)
I can access the repository from another CentOS box with this command:
svn list svn+ssh://[email protected]/var/svn/joetest
But when I attempt to browse the repository using TortiseSVN from a Win 7 workstation I'm unable to do so using the following path:
svn+ssh://[email protected]/var/svn/joetest
I'm able to login via SSH from the workstation using Putty.
The results are the same if I attempt access as root.
I've given ownership of the repository to USER:USER and ran chmod 2700 -R /var/svn/.
Because I can access the repository via ssh from another Linux box, permissions don't appear to be the problem.
When I watch the log file using tail -fn 2000 /var/log/secure, I see the following each time TortiseSVN asks for the password:
Sep 26 17:34:31 dev sshd[30361]: Accepted password for USER from xx.xxx.xx.xxx port 59101 ssh2
Sep 26 17:34:31 dev sshd[30361]: pam_unix(sshd:session): session opened for user USER by (uid=0)
Sep 26 17:34:31 dev sshd[30361]: pam_unix(sshd:session): session closed for user USER
I'm actually able to login, but the session is then closed immediately.
It caught my eye that the session is being opened for USER by root (uid=0), which may be correct, but I'll mention it in case it has something to do with the problem.
I looked into modifying the svnserve.conf, but as far as I can tell, it's not used when accessing the repository via svn+ssh, a private svnserve instance is created for each log in via this method. From the manual:
There's still a third way to invoke svnserve, and that's in “tunnel
mode”, with the -t option. This mode assumes that a remote-service
program such as RSH or SSH has successfully authenticated a user and
is now invoking a private svnserve process as that user. The svnserve
program behaves normally (communicating via stdin and stdout), and
assumes that the traffic is being automatically redirected over some
sort of tunnel back to the client. When svnserve is invoked by a
tunnel agent like this, be sure that the authenticated user has full
read and write access to the repository database files. (See Servers
and Permissions: A Word of Warning.) It's essentially the same as a
local user accessing the repository via file:/// URLs.
The only non-default settings in sshd_config are:
Protocol 2 # to disable Protocol 1
SyslogFacility AUTHPRIV
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding no
Subsystem sftp /usr/libexec/openssh/sftp-server
Any thoughts?
