Not sure if this is a known/expected result or not (and it's really more of an OpenSSH and/or glib issue than a tpm2-provider issue), but I guess it should at least be documented:
Yesterday I tried enabling the tpm2 provider globally via /etc/ssl/openssl.cnf, adding:
After doing so, sshd started rejecting logins and complaining about syntax errors in various configuration files. It seems that loading the provider causes a GDBus worker thread to be spawned (as it connects to tpm2-abrmd), but then the sshd process closes all file descriptors – including the D-Bus socket opened by gdbus – and proceeds to open various other files at the same file descriptor that the gdbus thread is still reading from.
The result of that is: if UsePAM is enabled, then various PAM modules open a config file, try to read it, and think that a chunk of the config is missing (because the gdbus thread has read it); if UsePAM is disabled, the gdbus thread spins at 100% CPU trying to read from an invalid fd.
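The descriptor-number reuse described in the issue above, reduced to a deterministic single-threaded C program (an added example, not code from the issue, OpenSSH, GLib or the tpm2 provider). The GDBus worker thread is stood in for by a plain `worker_poll` call, and the config contents, temp path and function names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed stand-in for a PAM-style config file (not from the issue). */
static const char CONFIG[] =
    "auth required pam_example.so\naccount required pam_example.so\n";

/* One poll by a worker that still believes `fd` is its IPC socket; returns bytes consumed or -errno. */
static int worker_poll(int fd, size_t want) {
    char buf[64];
    ssize_t n = read(fd, buf, want < sizeof buf ? want : sizeof buf);
    return n < 0 ? -errno : (int)n;
}

/* Returns how many config bytes the config reader still sees after one
 * stale worker poll, or -1 on setup failure. */
int demo_fd_reuse(int *stale_errno, int *same_number) {
    char path[] = "/tmp/fdreuse-XXXXXX", buf[256];
    size_t len = strlen(CONFIG);
    int sv[2], tmp = mkstemp(path);
    if (tmp < 0 || write(tmp, CONFIG, len) != (ssize_t)len) return -1;
    close(tmp);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    int worker_fd = sv[0];        /* number cached by the worker */
    close(sv[0]); close(sv[1]);   /* daemon-style "close every fd" */
    /* Nothing reopened yet: the stale read fails with EBADF, and a loop
     * that retries without checking errno spins on it. */
    *stale_errno = -worker_poll(worker_fd, 16);
    /* open() returns the lowest free number: the one the worker holds. */
    int cfg = open(path, O_RDONLY);
    if (cfg < 0) return -1;
    *same_number = (cfg == worker_fd);
    worker_poll(worker_fd, 16);   /* worker eats 16 bytes of config */
    int seen = (int)read(cfg, buf, sizeof buf); /* reader gets the rest */
    close(cfg);
    unlink(path);
    return seen;
}
int main(void) {
    int e = 0, same = 0, seen = demo_fd_reuse(&e, &same);
    printf("same=%d errno=%d seen=%d of %zu\n", same, e, seen, strlen(CONFIG));
    return seen < 0;
}
```

The config reader never sees an error: its read succeeds but starts 16 bytes into the file, which is why the symptom surfaces as a syntax error rather than an I/O failure.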
I have the same problem.
I am trying to connect the Python websockets library to the TPM. The whole thing runs in a Docker container under Ubuntu 22.04 with OpenSSL version 3.0.2. Since I have not found a way to customize the provider in the websockets or ssl library, I wanted to customize the config as above.
However, the CPU is utilized to 100% and the ssh connection is no longer possible.