Skip to content

pam-abl causes OpenSSH server to crash

Two users have reported that OpenSSH server crashes when trying to login after distribution upgrade to Trixie: https://discuss.freedombox.org/t/initial-ssh-session-freezes-then-new-connection-attempt-fail/3832/4 After debugging the crash and collecting stack trace, it seems pam-abl is responsible for it. Backtrace looks something like this:

Program received signal SIGBUS, Bus error.
0xb644407a in nextAttempt () from /usr/lib/arm-linux-gnueabihf/security/pam_abl.so
(gdb)

User was able to fix the problem by running mkdir ~/abl-backup; mv /var/lib/abl/* ~/abl-backup.

  • Another user has also reported problems with login and had to clear their pam-abl database to be able to successfully login.
  • PAM abl very routinely prints scary looking messages causing user confusion.
  • It prints messages about its database being corrupt. Modern databases like sqlite3 can use journaling and don't get corrupted as long as disk does not fail.
  • We use fail2ban for failed login attempts over network. So, pam-abl seems to be only useful for tty logins and 'su -' type logins.
  • Over the years, we have had a lot of issues with it.
  • It was last updated in 2013.

Perhaps we should reconsider pam-abl inclusion in FreedomBox.