Introduction
It seems to me that dropbear ssh daemon from JoKeR's package is configured so it does not support public key authentication. It is possible that I am doing something wrong but I was trying hard to make it work and did not succeed.Finally I decided to build dropbear on my own, since the publickey authentication feature is essential for me (I am using the box for hosting of git repositories and I really do not want to type my password every time I commit a code).
Build result
[binary] [file list]Installation
box# cd /mnt/C box# ./filopack.sh --download dropbear-0.52 Configuration file .filopack/.config file found and used Retrieving package index... (Connecting to http://filodej.ic.cz) Downloading package dropbear-0.52 from http://filodej.ic.cz ... connected! Length: 502 [text/plain] connected! Length: 177,869 [application/x-tar] box# ./filopack.sh --install dropbear-0.52 Configuration file .filopack/.config file found and used Retrieving package index... (Connecting to http://filodej.ic.cz) Sure to unpack dropbear-0.52 locally at /mnt/C (y/n)?y sys/bin/dbclient sys/bin/dropbearmulti sys/bin/dropbearkey sys/bin/dropbearconvert sys/bin/scp sys/sbin/dropbear box# killall dropbear box# dropbearIn this post I am going to describe how I built the dropbear package and diagnosed and solved (or worked around) problems which arose during the whole process.
JoKeR's dropbear
Let's try co connect to the box:If ssh daemon (dropbear in our case) is not running on the box, the error message will likely look as follows:
deb# ssh root@storage ssh: connect to host storage port 22: Connection refusedIf everything is ok, it should look similar to following:
deb# ssh root@storage root@storage's password: < type a password > [ FW 4.00b4.C009-M[NG] ] [ http://mgb111.pradnik.net/ ] box#Now we are trying to get rid of typing the password. We use the RSA public authentication for it.
Publickey authentication
If we do not have a RSA key generated yet, we can generate it as follows:deb# cd ~ deb# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/filodej/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/filodej/.ssh/id_rsa. Your public key has been saved in /home/filodej/.ssh/id_rsa.pub. The key fingerprint is: 89:...:b4... filodej@debianDeploy the public key to the box:
deb# scp .ssh/id_rsa.pub root@storage:/mnt/C/sys/root/.ssh/ root@storage's password: id_rsa.pub 100% 393 0.4KB/s 00:00Now, on the box, append the public key to the list of authorized keys:
box# cd /mnt/C/sys/root/.ssh/ box# cat id_rsa.pub >> authorized_keysFrom now on, the ssh client should not ask for anything (more precisely, it should not ask for password, it should ask for publickey passphrase if we did not leave it empty - for someone it can look similar as password, but it is completely different thing).
Let's try:
deb# ssh root@storage root@storage's password:
Simple diagnostics
Ooops, it seems we did not succeed. Let's do some diagnostics (we can use either of "-v", "-vv", "-vvv" verbose modes, one "v" is sufficiend here):dev# ssh -v root@storage OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to storage [192.168.1.104] port 22. debug1: Connection established. debug1: identity file /home/filodej/.ssh/identity type -1 debug1: identity file /home/filodej/.ssh/id_rsa type 1 debug1: identity file /home/filodej/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version dropbear_0.50 debug1: no match: dropbear_0.50 ... debug1: Host 'storage' is known and matches the RSA host key. debug1: Found key in /home/filodej/.ssh/known_hosts:4 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: password debug1: Next authentication method: password root@storage's password:Let's try to connect to another machine and compare the trace:
deb# ssh -v root@notasw OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to notasw [192.168.1.103] port 22. debug1: Connection established. debug1: identity file /home/filodej/.ssh/identity type -1 debug1: identity file /home/filodej/.ssh/id_rsa type 1 debug1: identity file /home/filodej/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1 Debian-8ubuntu1.2 debug1: match: OpenSSH_4.7p1 Debian-8ubuntu1.2 pat OpenSSH* ... debug1: Host 'notasw' is known and matches the RSA host key. debug1: Found key in /home/filodej/.ssh/known_hosts:8 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/filodej/.ssh/identity debug1: Offering public key: /home/filodej/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/filodej/.ssh/id_dsa debug1: Next authentication method: password root@notasw's password:We can diff the logs to easily see the differences:
deb# ssh -v root@storage 2> storage.txt root@storage's password: <Ctrl-D> deb# ssh -v root@notasw 2> notas.txt root@notasw's password: <Ctrl-D> deb# diff storage.txt notas.txt 4c4 < debug1: Connecting to storage [192.168.1.104] port 22. --- > debug1: Connecting to notasw [192.168.1.103] port 22. 9,10c9,10 < debug1: Remote protocol version 2.0, remote software version dropbear_0.50 < debug1: no match: dropbear_0.50 --- > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1 Debian-8ubuntu1.2 > debug1: match: OpenSSH_4.7p1 Debian-8ubuntu1.2 pat OpenSSH* 23,26c23,28 ... < debug1: Host 'storage' is known and matches the RSA host key. < debug1: Found key in /home/filodej/.ssh/known_hosts:4 --- ... > debug1: Host 'notasw' is known and matches the RSA host key. > debug1: Found key in /home/filodej/.ssh/known_hosts:8 33c35,40 < debug1: Authentications that can continue: password --- > debug1: Authentications that can continue: publickey,password > debug1: Next authentication method: publickey > debug1: Trying private key: /home/filodej/.ssh/identity > debug1: Offering public key: /home/filodej/.ssh/id_rsa > debug1: Authentications that can continue: publickey,password > debug1: Trying private key: /home/filodej/.ssh/id_dsaIt seems that the JoKeR's daemon is not configured for publickey authentication at all. Ok, let's build our own.
Build process
First we have to download, extract and configure the build:dev# cd /usr/local/src/ dev# wget http://matt.ucc.asn.au/dropbear/dropbear-0.52.tar. bz2 dev# tar xjvf dropbear-0.52.tar.bz2 dev# cd dropbear-0.52 dev# ./configure --prefix /mnt/C/sys ... configure: Now edit options.h to choose features.As the message suggests, now we can set up some additional build options:
dev# nano options.h change: #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key" to: #define RSA_PRIV_FILENAME "/mnt/C/sys/etc/dropbear_rsa_host_key" and possibly comment out: #define DROPBEAR_DSS or change: #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" to: #define DSS_PRIV_FILENAME "/mnt/C/sys/etc/dropbear_dss_host_key" leave following unchanged: #define ENABLE_SVR_PASSWORD_AUTH /* PAM requires ./configure --enable-pam */ /*#define ENABLE_SVR_PAM_AUTH*/ #define ENABLE_SVR_PUBKEY_AUTH /* Wether to ake public key options in authorized_keys file into account */ #ifdef ENABLE_SVR_PUBKEY_AUTH #define ENABLE_SVR_PUBKEY_OPTIONS #endif #define ENABLE_CLI_PASSWORD_AUTH #define ENABLE_CLI_PUBKEY_AUTH #define ENABLE_CLI_INTERACT_AUTH... and make:
dev# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" ...It compiled successfully, but I have realized that I prefer to link the dependencies statically:
dev# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" clean dev# make STATIC=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" ... /mnt/C/sys/lib/gcc/i386-linux-uclibc/4.1.2/../../../../i386-linux-uclibc/bin/ld: cannot find -lz collect2: ld returned 1 exit status... the error means that linker is unable to find a static version of zlib library.
When we investigate that we see taht there is just a dynamic version of the library on the system:
dev# ls /lib/libz* /lib/libz.so.1 /lib/libz.so.1.2.2 dev# ls /mnt/C/sys/lib/libz* /mnt/C/sys/lib/libz*: No such file or directoryWe could pick the sources and build a static version of zlib library, but for now I decided to re-configure the dropbear build and disable the zlib support:
dev# make STATIC=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" clean dev# ./configure --prefix /mnt/C/sys --disable-zlib STATIC=1 dev# make STATIC=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"... now it compiled without problems, we can try to install it and upload to the box:
dev# make STATIC=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install ... dev# scp /mnt/C/sys/sbin/dropbear root@storage:/tmp/Now we can start the brand new version of dropbear daemon on the box:
box# killall dropbear box# /tmp/dropbearAnd try to log in over ssh client (from my debian system):
deb# ssh -vvv root@storage -i ~/.ssh/id_rsa.pub ... debug2: key: /home/filodej/.ssh/id_rsa.pub (0xb7f7b480) debug2: key: (0xb7f7c8e0) debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/filodej/.ssh/identity debug1: Offering public key: /home/filodej/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/filodej/.ssh/id_dsa debug1: Next authentication method: password root@storage's password: debug1: Authentications that can continue: publickey,password Permission denied, please try again. root@storage's password: debug1: Authentications that can continue: publickey,password Permission denied, please try again. root@storage's password:It seems we have done some progress here, but still are not able to authenticate via publickey. And even if we are using the correct password, permission is denied.
List of valid shells
Let's restart the daemon, but now not forking to the background and logging to the stderr rather that syslog:box# dropbear -E -F [4456] Nov 30 23:59:30 Not backgrounding [4462] Nov 30 23:59:56 Child connection from 192.168.1.103:49013 [4462] Dec 01 00:00:08 user 'root' has invalid shell, rejectedOk, there is something wrong with the shell settings, let's investigate that:
box# cat /var/config/passwd root: ... :0:0:root:/mnt/C/sys/root:/mnt/C/sys/bin/bash ... box# ls /mnt/C/sys/bin/bash /mnt/C/sys/bin/bashUser root has /mnt/C/sys/bin/bash in his settings, the file exists and is at correct place. Let's look at the list of valid shells:
box# cat /etc/shells /bin/sh /sbin/nologin /bin/nologin /bin/ash /sbin/ash /bin/false /sbin/false /mnt/C/sys/bash /bin/bash /usr/bin/bashThe path /mnt/C/sys/bash is wrong since the bash executable is in /mnt/C/sys/bin directory, but the /usr/bin/bash path should be ok, since the /usr/bin is just a symlink to /mnt/C/sys/bin:
box# ls -l /usr/bin lrwxrwxrwx 1 root root 14 May 21 2008 /usr/bin -> /mnt/C/sys/binWe have to look at the problem in more detail. Since there is no verbose mode available in dropbear by default, we can enable it in code (I got the inspiration from this post):
dev# nano debug.h
uncomment:
#define DEBUG_TRACE
Now when we rebuilt and re-deployed the dropbear, we can run in in verbose mode:
box# dropbear -v -E -F ... TRACE (4848): shell is /mnt/C/sys/bin/bash TRACE (4848): test shell is '/bin/sh' TRACE (4848): test shell is '/sbin/nologin' TRACE (4848): test shell is '/bin/nologin' TRACE (4848): test shell is '/bin/ash' TRACE (4848): test shell is '/sbin/ash' TRACE (4848): test shell is '/bin/false' TRACE (4848): test shell is '/sbin/false' TRACE (4848): test shell is '/mnt/C/sys/bash' TRACE (4848): test shell is '/bin/bash' TRACE (4848): test shell is '/usr/bin/bash'As can be seen in the svr-auth.c source code:
00273 while ((listshell = getusershell()) != NULL) {
00274 TRACE(("test shell is '%s'", listshell))
00275 if (strcmp(listshell, usershell) == 0) {
00276 /* have a match */
00277 goto goodshell;
00278 }
00279 }
... the shell path is compared as plain strings and so /usr/bin/bash and /mnt/C/sys/bin/bash are two different things.Since the /etc/shells file is placed on read-only file system we have to make a change in /var/config/passwd file:
box# sed -i 's|/mnt/C/sys/bin/|/usr/bin/|g' /var/config/passwdSince it is overwritten on every boot, we have to make the correction in our rc.cfg file, to make it permanent:
nano /mnt/C/sys/etc/rc.d/rc.cfg
add the following line:
sed -i 's|/mnt/C/sys/bin/|/usr/bin/|g' /var/config/passwd
Now when we try to connect again, we can see that the problem is solved:
[394] Dec 01 01:32:25 pubkey auth succeeded for 'root' with key md5 3a:...:05 from 192.168.1.103:44521
Read only file system
There is another problem:[394] Dec 01 01:32:25 chown(/dev/ttyp2, 0, 0) failed: Read-only file system [394] Dec 01 01:32:26 exit after auth (root): chmod(/dev/ttyp2, 0622) failed: Read-only file systemThe problem seems to be in the file sshpty.c in function pty_setowner but I am not sure what exactly is wrong. We can try to debug it remotely in order to find out what is going on. One option in debug.h can be handy - we can disable the forking the sub-processes - then there is just one dropbear process to attach.
/* To debug with GDB it is easier to run with no forking of child processes. You will need to pass "-F" as well. */ /* #define DEBUG_NOFORK */Let's rebuild it with debug info:
dev# nano Makefile ... CFLAGS=-I. -I$(srcdir) -I$(srcdir)/libtomcrypt/src/headers/ $(CPPFLAGS) -I/mnt/C/sys/include -I/mnt/C/sys/X11/include -g ...Rebuild and redeploy the dropbear binary.
Now we can run the dropbear process on the box:
box# dropbear -E -F box# [4498] Dec 21 23:50:01 Running in background ...On another console connected to the box we start the gdbserver:
box# gdbserver colinux:2345 --attach 4498 Attached; pid = 4498 Listening on port 2345 ...Now on the mirror system we can start the gdb:
dev# gdb dropbear GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-linux-uclibc"...Using host libthread_db library "/lib/libthread_db.so.1". (gdb) target remote 192.168.1.104:2345 Remote debugging using 192.168.1.104:2345 0x0806d7ad in fast_s_mp_sqr (a=0xbfffe348, b=0xbfffe348) at bn_fast_s_mp_sqr.c:73 73 _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--); (gdb) break pty_setowner Breakpoint 1 at 0x805bfcc: file sshpty.c, line 364. (gdb) cont Continuing.Now we are ready to connect over ssh:
dev# ssh root@storage root@storage's password:
... and debugger stops on the breakpoint:
Breakpoint 1, pty_setowner (pw=0x80dd480, tty_name=0x80e1578 "/dev/ttyp3") at sshpty.c:364
364 grp = getgrnam("tty");
(gdb) step
365 if (grp) {
(gdb) step
369 gid = pw->pw_gid;
(gdb) step
370 mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH;
(gdb) step
378 if (stat(tty_name, &st)) {
(gdb) step
382 dropbear_log(LOG_ERR, "stat: %u", (unsigned int)st.st_uid );
(gdb) print st
$1 = {st_dev = 7936, __pad1 = 45352, __st_ino = 363, st_mode = 8630, st_nlink = 1, st_uid = 0, st_gid = 5,
st_rdev = 771, __pad2 = 0, st_size = 0, st_blksize = 4096, st_blocks = 0, st_atime = 1206970720,
st_atimensec = 134760895, st_mtime = 1206970720, st_mtimensec = 134691188, st_ctime = 1206970720,
st_ctimensec = 135124096, st_ino = 363}
(gdb) print tty_name
$2 = 0x80e1578 "/dev/ttyp3"
(gdb) next
383 if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
(gdb) print *pw
$3 = {pw_name = 0x80dd380 "root", pw_passwd = 0x80dd385 "...", pw_uid = 0, pw_gid = 0, pw_gecos =
0x80dd3a4 "root", pw_dir = 0x80dd3a9 "/mnt/C/sys/root", pw_shell = 0x80dd3b9 "/usr/bin/bash"}
...
(gdb) step
401 if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) {
(gdb) print /o st.st_mode
$4 = 020666
(gdb) step
402 if (chmod(tty_name, mode) < 0) {
(gdb) step
403 if (errno == EROFS &&
(gdb) step
409 dropbear_exit("chmod(%.100s, 0%o) failed: %.100s",
Ok, we have analyzed the situation. The pty_setowner function is trying to initialize the device file representing the terminal we are trying to connect to. Device file is on read only file system and so the attribute changes do not succeed.
If changing the tty owner does not succeed, the code at (1) activates more relaxed mode in case the file system is read only and tty is owned by root or the uids match. In our case the relaxed mode is activated and the server just writes the warning chown(/dev/ttyp2, 0, 0) failed: Read-only file system and continues.Then there is code changing tty read mode. This code tries to prevent unauthorized users from reading tty content. In order to get just a warning, the reading by group and reading by others must be prohibited. In our case the st.st_mode is 020666 (read/write by everyone) and so we get the error chmod(/dev/ttyp2, 0622) failed: Read-only file system.
/*
* Change owner and mode of the tty as required.
* Warn but continue if filesystem is read-only and the uids match/
* tty is owned by root.
*/
if (stat(tty_name, &st)) {
dropbear_exit("pty_setowner: stat(%.101s) failed: %.100s",
tty_name, strerror(errno));
}
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
if (chown(tty_name, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
(st.st_uid == pw->pw_uid || st.st_uid == 0)) {
(1) dropbear_log(LOG_ERR,
"chown(%.100s, %u, %u) failed: %.100s",
tty_name, (unsigned int)pw->pw_uid, (unsigned int)gid,
strerror(errno));
} else {
dropbear_exit("chown(%.100s, %u, %u) failed: %.100s",
tty_name, (unsigned int)pw->pw_uid, (unsigned int)gid,
strerror(errno));
}
}
}
if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) {
if (chmod(tty_name, mode) < 0) {
if (errno == EROFS &&
(2) (st.st_mode & (S_IRGRP | S_IROTH)) == 0) {
dropbear_log(LOG_ERR,
"chmod(%.100s, 0%o) failed: %.100s",
tty_name, mode, strerror(errno));
} else {
dropbear_exit("chmod(%.100s, 0%o) failed: %.100s",
tty_name, mode, strerror(errno));
}
}
}
Some discussions (for example here and here) recommended to configure build in order to disable openpty:
dev# make STATIC=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" clean dev# ./configure --prefix /mnt/C/sys --disable-zlib --disable-openpty STATIC=1 dev# make STATIC=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" dev# make STATIC=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" installBut it did not help in this case.
Nowadays I do not know a better workaround in order to make it work than change the dropbear_exit to dropbear_log. I have found a discussion about this on Web and the following rationale seems reasonable:
Ah. If it's a single user system, the easiest solution might just be to disable the chown() and chmod() call - it's not like there're any other users who might be sniffing :)... but be careful, you were warned ;-)
(sshpty.c is where you'll find those chown/chmods).
Minor issues
There were also two another problems (just warnings). The first was wtmp problem:[2398] Dec 01 12:13:04 wtmp_write: problem writing /var/log/wtmp: No such file or directoryIt was solved by adding the --disable-wtmp to the configure command line.
The second was logging problem:
dev# ssh root@storage root@storage's password: [2719] Dec 01 13:25:53 lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory [2719] Dec 01 13:25:53 lastlog_openseek: /var/log/lastlog is not a file or directory! [ FW 4.00b4.C009-M[NG] ] [ http://mgb111.pradnik.net/ ]We are not alone on this (see this post or OpenWrt ticket, also this archive served as a source of information).
It was solved by adding the --disable-lastlog to the configure command line.
Final build
As a result we have the following configure command line:dev# ./configure --prefix /mnt/C/sys --disable-zlib --disable-openpty --disable-wtmp --disable-lastlogNow we can modify the Makefile in order to generate code optimized for size:
dev# nano Makefile ... CFLAGS=-I. -I$(srcdir) -I$(srcdir)/libtomcrypt/src/headers/ $(CPPFLAGS) -I/mnt/C/sys/include -I/mnt/C/sys/X11/include -OsIf we want to create multi-application instead of individual applications, we can use MULTI variable on the make command line:
dev# make STATIC=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" clean dev# make STATIC=1 MULTI=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"We can strip the sources to spare some space:
dev# make STATIC=1 MULTI=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" stripAnd are ready to install and create the package:
dev# make STATIC=1 MULTI=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install dev# cd /mnt/C dev# ./filopack.sh --pack dropbear-0.52
Test
Start the dropbear server (logging to strerr, not forking to background):box# dropbear -E -F [902] Dec 22 02:14:49 Not backgroundingThis is output when I was connecting from a machine without a registered public key:
[906] Dec 22 02:14:52 Child connection from 192.168.1.102:44241 [906] Dec 22 02:15:02 password auth succeeded for 'root' from 192.168.1.102:44241 [906] Dec 22 02:15:02 chown(/dev/ttyp3, 0, 0) failed: Read-only file system [906] Dec 22 02:15:02 !!! Filodej is warning you. Be sure you are the only user !!! [906] Dec 22 02:15:02 chmod(/dev/ttyp3, 0622) failed: Read-only file system [906] Dec 22 02:15:47 chown /dev/ttyp3 0 0 failed: Read-only file system [906] Dec 22 02:15:47 chmod /dev/ttyp3 0666 failed: Read-only file system [906] Dec 22 02:15:47 exit after auth (root): Exited normallyThis is output when I was connecting from a machine with registered public key:
[913] Dec 22 02:15:59 Child connection from 192.168.1.102:44242 [913] Dec 22 02:16:06 pubkey auth succeeded for 'root' with key md5 f1:...:3b from 192.168.1.102:44242 [913] Dec 22 02:16:06 chown(/dev/ttyp3, 0, 0) failed: Read-only file system [913] Dec 22 02:16:06 !!! Filodej is warning you. Be sure you are the only user !!! [913] Dec 22 02:16:06 chmod(/dev/ttyp3, 0622) failed: Read-only file system [913] Dec 22 02:16:21 chown /dev/ttyp3 0 0 failed: Read-only file system [913] Dec 22 02:16:21 chmod /dev/ttyp3 0666 failed: Read-only file system [913] Dec 22 02:16:21 exit after auth (root): Exited normally
