Monday, January 14, 2019

4.2 jelly bean - ssh: No controlling tty: open /dev/tty: No such device or address


When connecting from PC/Cygwin via SSH (over WiFi) to phone, I am always greeted with the following macabre message:


$ ssh -T root@192.168.1.100 -p 50000
Authenticated with partial success.
root@192.168.1.100's password:
/system/bin/sh: No controlling tty: open /dev/tty: No such device or address
/system/bin/sh: can't find tty fd

/system/bin/sh: warning: won't have full job control
root@android:/ $

I know the device is there, and I have also tried various chmod permissions.


The problem is that I cannot use stty (or anything related to ttys) to set my terminal environment variables, and therefore I cannot use command line TAB completion or arrow-up, to fetch last command, or using CTRL-C/D/Z etc. I've also tried to play with various set -o options, to no avail.


Now the strange thing is that this problem is not at all present when using a local shell through the Android terminal Emulator app, which seem to correctly assign a pseudo terminal with full job control.


I've been searching high and low for how to resolve this, but gotten nowhere. My Samsung phone is using an SELinux (AOS 4.2.2) enabled version and I'm rooted with CF-Auto-Root (v1.94), and using the latest ADB. The stock mksh is @(#)MIRBSD KSH R40 2011/10/07 and thus perhaps not fully compatible with SEL AOS's, but I cannot find a newer (~R49) MKSH ARM binary, to try with.



EDIT-1: I am using SSH server.


EDIT-2: I just tried SSHelper which seem very nice (although 6 x larger). But it is unstable and show similar issues in the web log: PTY allocation request failed on channel 0



EDIT-3: After login (with new sshd server) with: ssh -T dummy@192.168.1.10 -p 2222, I loose prompt, but shell access is still ok. then running su -c /system/bin/sh -i give me back the correct su prompt # and checking set -o gives:


u0_a202@MSM8960:home # set -o
Current option settings
allexport      off  login          off  nounset        off  verbose        off
bgnice         off  markdirs       off  physical       off  vi             off
braceexpand    on   monitor        on   posix          off  vi-esccomplete off
emacs          on   noclobber      off  privileged     off  vi-tabcomplete on
errexit        off  noexec         off  restricted     off  viraw          off
gmacs          off  noglob         off  sh             off  xtrace         off
ignoreeof      off  nohup          on   stdin          on

interactive    on   nolog          off  trackall       off
keyword        off  notify         off  utf8-mode      off

But TAB is still directly interpreted as a TAB character and not command-line completion.


EDIT-4: This must be a SELinux / SEAndroid related issue, as when I disable SELinux Enforcing by setting it to Permissive, I loose the ability to SU, but all normal shell terminal controls are working. The way to do this is by issuing: su 0 setenforce 0 in whatever shell you can get, and then logout and login again. This will last until you reboot phone.


EDIT-5: From what I understand, using the ssh -t option, is used to force allocation of a pseudy-terminal, and terminates the connection if that fails. Thus it fails when pty is blocked in "Enforcing" mode, while using ssh -2 is accepted with minimal difference in error when using -vvv to debug.


$ ssh -t dummy@192.168.1.10 -p 2222 -vvv
...
dummy@192.168.1.10's password:
debug3: packet_send2: adding 64 (len 51 padlen 13 extra_pad 64)

debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to 192.168.1.10 ([192.168.1.10]:2222).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY

debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 100 id 0
PTY allocation request failed on channel 0

Not accepted, but this next one give me a shell without any prompt.



$ ssh -2 dummy@192.168.1.10 -p 2222 -vvv
...
PTY allocation request failed on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Linux 3.4.0-2340422 armv7l

This behavior is convincing me to think it is directly related to the SELinux blocking pty access. But I have no idea how and where this is done.


EDIT-6: Yep, there it is. I just found the SELinux policy denial in the audit.log file in: /data/misc/audit/audit.log



audit(1401291488.480:203): avc:  denied  { setattr } for  pid=11441 comm="sshelper_sshd" name="0" dev="devpts" ino=3 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:untrusted_app_devpts:s0 tclass=chr_file VE=SEPF_GT-I9195_4.2.2_0022_M
audit(1401291488.480:203): arch=40000028 syscall=15 per=840000 success=no exit=-13 a0=beffd438 a1=190 a2=27da a3=c0000000 items=1 ppid=8499 pid=11441 auid=4294967295 uid=10202 gid=10202 euid=10202 suid=10202 fsuid=10202 egid=10202 sgid=10202 fsgid=10202 tty=(none) ses=4294967295 comm="sshelper_sshd" exe="/data/data/com.arachnoid.sshelper/bin/sshelper_sshd" subj=u:r:untrusted_app:s0 key=(null)
audit(1401291488.480:203):  cwd="/"
audit(1401291488.480:203): item=0 name="/dev/pts/0" inode=3 dev=00:09 mode=020600 ouid=10202 ogid=10202 rdev=88:00 obj=u:object_r:untrusted_app_devpts:s0

So how to fix this?




-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

samsung galaxy s 2 - Cannot restore Kies backup after firmware upgrade

I backed up my Samsung Galaxy S2 on Kies before updating to Ice Cream Sandwich. After the upgrade I tried to restore, but the restore fails ...