Latest sshd (in openssh) is closing connections (ie refusing logins) right after authentication (even if auth is successeful) if audit is not supported by the kernel. It's supposed to check whether audit is supported and if it is let the login go through. But current check is wrong. It only checks if socket creation failed. The patch basically looks like this --- openssh-4.3p2/loginrec.c 2006-03-07 10:02:29.000000000 -0800 +++ openssh-4.3p2.good/loginrec.c 2006-03-07 09:24:57.000000000 -0800 @@ -1404,6 +1404,14 @@ else return 0; /* Must prevent login */ } + + rc = audit_request_status(audit_fd); + if (rc < 0) { + if (errno == ECONNREFUSED) + return 1; /* No audit support in kernel */ + return 0; /* Must prevent login */ + } +
*** This bug has been marked as a duplicate of 183243 ***