Applies to: Centrify-Enabled OpenSSH on Ubuntu 10
Problem: Attempting to SSH into a Ubuntu system with an AD account fails with a "
Broken Pipe" error.
Connecting via SSH with a local account (non-AD) works with no issues.
Cause: On Ubuntu 10.04, the
lib_pthread library is too old.
When attempting to SSH with an AD account, the client remoting in tries do Single-Sign-On, however GSSAPI cannot obtain a mutex through
lib_pthread, and so fails. This error event in turn closes the connection with the given error.
(As of time of writing; Ubuntu is already on version 13 with version 10 Desktop already at end-of-life support and Server ending in 2015)
Workaround:Remove
lib_pthread from the SSH configuration:
Edit
/etc/centrifydc/ssh/sshd_config, find and edit the following lines:
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
GSSAPICleanupCredentials yes
..to:
#GSSAPIAuthentication yes
#GSSAPIKeyExchange yes
#GSSAPICleanupCredentials yes
Restart
sshd by running:
/etc/init.d/centrify-sshd restart
Once the process has restarted, try to SSH into the server again to test the connection.
Resolution:Since the issue is in an older version of
lib_pthread, it is recommended to update to a more recent version of Ubuntu.
Please note that this is not a Centrify issue.