You are not logged in.
$ systemctl --user status
Failed to connect to bus: No such file or directory
Not sure what the deal is. I copied my .service and .timer files to the server and get the same error message when trying to start.
I've successfully used them in the past on a server so don't know what has changed.
Archlinux both on local machine and server - and worked on the server I did it on before and local machine but not this other one.
The server is kvm so I wouldn't expect any nonsense related maybe to containers if that were maybe a reason. Besides the one where it worked in the past was an openvz server.
$ psg systemd
root 192 1 0 Feb20 ? 00:00:10 /usr/lib/systemd/systemd-journald
root 205 1 0 Feb20 ? 00:00:00 /usr/lib/systemd/systemd-udevd
dbus 327 1 0 Feb20 ? 00:00:01 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 329 1 0 Feb20 ? 00:00:00 /usr/lib/systemd/systemd-logind
auser 13108 1 0 09:28 ? 00:00:00 /usr/lib/systemd/systemd --user
auser 16359 14228 0 13:27 pts/0 00:00:00 grep systemd
Last edited by MarthaParkin (2018-02-28 05:46:13)
Offline
What is $DBUS_SESSION_BUS_ADDRESS set to?
Offline
What is $DBUS_SESSION_BUS_ADDRESS set to?
How do I determine that? I don't know about these '$' commands it's new to me when I just pasted $DBUS_SESSION_BUS_ADDRESS into terminal nothing came back or do I have to add something else.
I found https://bbs.archlinux.org/viewtopic.php?id=201543
which one user said that they can run the commands fine when logged in via the web console.
I tried that and all works. It is running them via ssh which is causing the issue.
Is that an easy fix? if not I don't mind just issuing systemctl --user commands via the console since I won't need to do them often.
Last edited by MarthaParkin (2018-02-24 12:45:00)
Offline
It's an environmental variable. Check it with echo or env.
Offline
Ok, still empty when I echoed from ssh
but via the console gives
unix:path=/run/user/1000/bus
Last edited by MarthaParkin (2018-02-24 13:39:50)
Offline
I just took a look at the thread you linked. It explains a lot of things. Have you checked through it?
Offline
Check the sshd config, https://bbs.archlinux.org/viewtopic.php?id=232424
Offline
Moving to NC...
Offline
I just took a look at the thread you linked. It explains a lot of things. Have you checked through it?
I was working through it. I tried reinstalling dbus so far as graysky did which fixed for him but didn't work for me.
Offline
Through someone else's replies on another thread I found out the problem is because I set 'UsePAM' to 'no'. Set to yes and it is working.
I originally set it to no though in order to harden security as per instructions I had read saying set it to no as well as
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PermitRootLogin no
Is this comprising security to any great degree? Cost/benefit thing or can I just set the variables elsewhere while keeping PAM off?
When I manually did
XDG_RUNTIME_DIR=/run/user/$UID systemctl --user status
it worked. I tried as per the wiki to add that line to ~/.config/systemd/user/env.conf but it didn't work to allow me to run commands in ssh although the settings showed up when quiried via the console.
Offline
See `man sshd_config` AuthenticationMethods and setting it to the string publickey
Edit:
Then verify that password based login is denied.
Last edited by loqs (2018-02-24 18:48:01)
Offline
See `man sshd_config` AuthenticationMethods and setting it to the string publickey
Edit:
Then verify that password based login is denied.
?
I do that already.
I disabled it from the start, including UsePAM, from the start that is why I was having these issues.
Offline
loqs wrote:See `man sshd_config` AuthenticationMethods and setting it to the string publickey
Edit:
Then verify that password based login is denied.?
I do that already.
I disabled it from the start, including UsePAM, from the start that is why I was having these issues.
The contents of /etc/ssh/sshd_config you posted so far was
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PermitRootLogin no
I do not see
AuthenticationMethods publickey
UsePAM yes
In that
Offline
What? that isn't my whole sshd_config. I don't say that is was.
I was pasting only what the settings for hardening were where I say
I had read saying set it to no as well as
meaning those are the settings which I read pertaining to sshd hardening.
And PAM is set to yes now.
I was asking if PAM can be set to NO to harden ssh while still being able to use systemctl --user somehow.
Last edited by MarthaParkin (2018-02-24 19:23:53)
Offline
What? that isn't my whole sshd_config. I don't say that is was.
I was pasting only what the settings for hardening were where I say
So why the response of "?" to my suggestion of setting AuthenticationMethods publickey?
I had read saying set it to no as well as
meaning those are the settings which I read pertaining to sshd hardening.
You forgot to include AuthenticationMethods publickey as a hardening change you had made.
Do you have source for the need to disable pam when AuthenticationMethods publickey and did it provide an explanation of what it was guarding against in that scenario?
I was asking if PAM can be set to NO to harden ssh while still being able to use systemctl --user somehow.
XDG_RUNTIME_DIR=/run/user/$UID
contains shell expansion so that would not work outside of a shell
you code hardcode the uid instead but there is no guarantee that such a work around will not break in the future.
Unless you have some specific risk you believe is related to enabling pam then why take that approach? You already stated you have retested that enabling pam does not allow password logins.
Edit:
unclear sentence changed: disable pam instead from disabling
Last edited by loqs (2018-02-24 19:46:30)
Offline
Seems to be communication errors.
I will just keep pam to yes for now. There is not a specific risk just following from the advice I recently read in this article https://www.unixlore.net/articles/five- … e-ssh.html
If I understand correctly it is saying that disabling password auth can be negated if PAM is still set to yes.
I did just try and login on a different machine with no key and it didn't allow it so maybe that data is antiquated?
Last edited by MarthaParkin (2018-02-24 21:23:33)
Offline
From the link you provided
Note that if ChallengeResponseAuthentication is 'yes', and the PAM authentication policy for sshd includes pam_unix(8), password authentication will be allowed through the challenge-response mechanism regardless of the value of PasswordAuthentication.
Which you have disabled. Even if you had that enabled if would be blocked by AuthenticationMethods publickey which is why I referred you to the AuthenticationMethods sestion of the sshd_config man page.
Edit:
If you wanted to ensure password logins are not used for that user you could lock the password on that account.
Last edited by loqs (2018-02-24 21:49:39)
Offline
It has stopped working again now even with UsePAM enabled.
Back to the error message in OP. I checked the ssh_config and it is still set to yes and tried restartind sshd and it didn't change.
Offline
Has the output of any of the following changed?
$ printenv XDG_RUNTIME_DIR
$ ls /run/user/$UID
$ XDG_RUNTIME_DIR=/run/user/$UID systemctl --user status
$ loginctl show-session $XDG_SESSION_ID
Offline
I do not know what they were before so don't know if they changed or not but here is the output
$ scu status
Failed to connect to bus: Connection refused
$ printenv XDG_RUNTIME_DIR
/run/user/1000
$ ls /run/user/$UID
bus gnupg systemd
$ XDG_RUNTIME_DIR=/run/user/$UID systemctl --user status
Failed to connect to bus: Connection refused
$ loginctl show-session $XDG_SESSION_ID
Id=c449
User=1000
Name=user1
Timestamp=Wed 2018-02-28 05:08:52 UTC
TimestampMonotonic=314563612380
VTNr=0
Remote=yes
RemoteHost=90.205.151.208
Service=sshd
Scope=session-c449.scope
Leader=4346
Audit=0
Type=tty
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
LockedHint=no
$
Hmm I just noticed the error for getting the status is different now, giving connection refused rather than no such file or directory as before.
EDIT: I did a reboot of the server and working again now.
Note I was following the thread I linked to earlier and doing 'pacman -Qikk systemd' as advised showed
warning: systemd: /usr/share/polkit-1/rules.d/systemd-networkd.rules (Permission denied) systemd: 1430 total files, 1 altered file
Will this cause issues again? The poster advises to do full upgrade which is what I had just done (there were no systemd updates needed) and reboot which is where I was at and which allowed systemctl --user to work again. I'll see how I go and marked as solved for now.
Last edited by MarthaParkin (2018-02-28 05:45:56)
Offline