Automated Guest Logins

Discussions about using Linux guests in VirtualBox.
Post Reply
PluX62
Posts: 2
Joined: 23. Jul 2017, 22:14

Automated Guest Logins

Post by PluX62 »

Hello,

I followed the documentation section "Automated Guest Logins" (https://www.virtualbox.org/manual/ch09.html#autologon) and I succesfully configured PAM with pam_vbox module, set CredsWait to 1 (host command), and set credentials for a "titi" user (even if I don't know if I have to do so).
Both host and guest are Linux.

My issue is that when I try to login on my guest with "titi" user, it failed. Even by SSH or console.
I try to figure out what could prevent login through vbox pam module, but no success...
if you can help me, or explain how it works, it would be greatly appreciated ;)

Regards,

PluX62
P.S: some infos that may help in troubleshoot... ;)
if some infos are missing, don't hesitate.
I) On my guest (ubuntu server)
$ sudo tail -f /var/log/auth.log # debug set to pam_vbox module

Code: Select all

...
Aug 13 08:16:16 dns-01 pam_vbox[758]: pam_vbox_authenticate called
Aug 13 08:16:16 dns-01 pam_vbox[758]: pam_vbox: 5.2.44r139111, running on amd64
Aug 13 08:16:16 dns-01 pam_vbox[758]: pam_vbox_init: runtime initialized
Aug 13 08:16:16 dns-01 pam_vbox[758]: pam_vbox_init: guest lib initialized
Aug 13 08:16:16 dns-01 pam_vbox[758]: pam_vbox_init: rhost=192.168.1.36, tty=ssh, prompt=<none>
Aug 13 08:16:16 dns-01 pam_vbox[758]: pam_vbox_read_prop: read key "/VirtualBox/GuestAdd/PAM/CredsWait"="1"
Aug 13 08:16:16 dns-01 pam_vbox[758]: pam_vbox_read_prop: read key "/VirtualBox/GuestAdd/PAM/CredsWait" with rc=VINF_SUCCESS
Aug 13 08:16:16 dns-01 pam_vbox[758]: pam_vbox_read_prop: read key "/VirtualBox/GuestAdd/PAM/CredsWaitTimeout" with rc=VERR_NOT_FOUND
Aug 13 08:16:16 dns-01 pam_vbox[758]: pam_vbox_read_prop: read key "/VirtualBox/GuestAdd/PAM/CredsMsgWaiting" with rc=VERR_NOT_FOUND
Aug 13 08:16:16 dns-01 pam_vbox[758]: Showing message "Waiting for credentials ..." (type 4)
Aug 13 08:16:16 dns-01 pam_vbox[758]: Response to message "Waiting for credentials ..." was ""
Aug 13 08:16:16 dns-01 pam_vbox[758]: pam_vbox_check_creds: could not query for credentials! rc=VERR_PERMISSION_DENIED. Aborting
Aug 13 08:16:16 dns-01 pam_vbox[758]: pam_vbox_authenticate: overall result rc=VERR_PERMISSION_DENIED
Aug 13 08:16:16 dns-01 sshd[758]: pam_unix(sshd:auth): check pass; user unknown
Aug 13 08:16:16 dns-01 sshd[758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.36
Aug 13 08:16:18 dns-01 sshd[758]: Failed password for invalid user titi from 192.168.1.36 port 64541 ssh2
...
$ lsb_release -a+

Code: Select all

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.5 LTS
Release:	18.04
Codename:	bionic
$ VBoxControl version

Code: Select all

Oracle VM VirtualBox Guest Additions Command Line Management Interface Version 5.2.44
(C) 2008-2020 Oracle Corporation
All rights reserved.

5.2.44r139111
$ cat /etc/pam.d/common-auth

Code: Select all

#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# vbox host auth
auth	requisite	pam_vbox.so	debug

# here are the per-package modules (the "Primary" block)
auth	[success=1 default=ignore]	pam_unix.so nullok_secure try_first_pass
# here's the fallback if no module succeeds
auth	requisite			pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth	required			pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth	optional			pam_cap.so 
# end of pam-auth-update config
$ find /lib -name 'pam_vbox.so' -exec ls -la {} \;

Code: Select all

-rw-r--r-- 1 root root 818408 Jul  9  2020 /lib/x86_64-linux-gnu/security/pam_vbox.so
$ ls -la /dev | grep vbox

Code: Select all

crw-rw----  1 vboxadd root     10,  56 Aug 13 07:57 vboxguest
crw-rw-rw-  1 vboxadd root     10,  55 Aug 13 07:57 vboxuser
$ ps -aef | grep -i vbox

Code: Select all

root       343     2  0 07:57 ?        00:00:00 [iprt-VBoxWQueue]
root       610     1  0 07:57 ?        00:00:01 /usr/sbin/VBoxService --pidfile /var/run/vboxadd-service.sh
ladmin     875   819  0 09:59 pts/1    00:00:00 grep --color=auto -i vbox
II) On my host (ubuntu server)
$ sudo -u vbox_admin vboxmanage guestproperty enumerate 6dae84c0-1af8-4d3c-a1ef-f8bbc4356642

Code: Select all

Name: /VirtualBox/GuestInfo/OS/Product, value: Linux, timestamp: 1628834277819271000, flags: 
Name: /VirtualBox/GuestInfo/Net/0/V4/IP, value: 192.168.1.47, timestamp: 1628834277823824000, flags: 
Name: /VirtualBox/GuestInfo/Net/0/MAC, value: 080027DB7E82, timestamp: 1628834277826741000, flags: 
Name: /VirtualBox/GuestInfo/OS/ServicePack, value: , timestamp: 1628834277819595000, flags: 
Name: /VirtualBox/HostInfo/VBoxVerExt, value: 5.2.44, timestamp: 1628834256755826000, flags: TRANSIENT, RDONLYGUEST
Name: /VirtualBox/GuestInfo/Net/0/V4/Netmask, value: 255.255.255.0, timestamp: 1628834277824237000, flags: 
Name: /VirtualBox/GuestInfo/OS/Version, value: #160-Ubuntu SMP Thu Jul 29 06:54:29 UTC 2021, timestamp: 1628834277819491000, flags: 
Name: /VirtualBox/GuestAdd/VersionExt, value: 5.2.44, timestamp: 1628834277819866000, flags: 
Name: /VirtualBox/GuestAdd/Revision, value: 139111, timestamp: 1628834277820238000, flags: 
Name: /VirtualBox/HostGuest/SysprepExec, value: , timestamp: 1628834256754591000, flags: TRANSIENT, RDONLYGUEST
Name: /VirtualBox/GuestInfo/OS/LoggedInUsers, value: 1, timestamp: 1628834582759988000, flags: TRANSIENT, TRANSRESET
Name: /VirtualBox/GuestInfo/Net/0/Status, value: Up, timestamp: 1628834277827113000, flags: 
Name: /VirtualBox/GuestAdd/PAM/CredsWait, value: 1, timestamp: 1628801274172594000, flags: RDONLYGUEST
Name: /VirtualBox/GuestInfo/Net/0/Name, value: enp0s3, timestamp: 1628834277827447000, flags: 
Name: /VirtualBox/HostGuest/SysprepArgs, value: , timestamp: 1628834256754684000, flags: TRANSIENT, RDONLYGUEST
Name: /VirtualBox/GuestAdd/Version, value: 5.2.44, timestamp: 1628834277819747000, flags: 
Name: /VirtualBox/HostInfo/VBoxRev, value: 139111, timestamp: 1628834256755908000, flags: TRANSIENT, RDONLYGUEST
Name: /VirtualBox/GuestInfo/Net/0/V4/Broadcast, value: 192.168.1.255, timestamp: 1628834277824034000, flags: 
Name: /VirtualBox/HostInfo/VBoxVer, value: 5.2.44, timestamp: 1628834256755741000, flags: TRANSIENT, RDONLYGUEST
Name: /VirtualBox/GuestInfo/OS/LoggedInUsersList, value: ladmin, timestamp: 1628834582759723000, flags: TRANSIENT, TRANSRESET
Name: /VirtualBox/GuestInfo/Net/Count, value: 1, timestamp: 1628842544415344000, flags: 
Name: /VirtualBox/GuestInfo/OS/Release, value: 4.15.0-153-generic, timestamp: 1628834277819418000, flags: 
Name: /VirtualBox/GuestInfo/OS/NoLoggedInUsers, value: false, timestamp: 1628834582760186000, flags: TRANSIENT, TRANSRESET
$ lsb_release -a

Code: Select all

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.2 LTS
Release:	20.04
Codename:	focal
$ vboxheadless --version

Code: Select all

Oracle VM VirtualBox Headless Interface 5.2.44
(C) 2008-2020 Oracle Corporation
All rights reserved.

5.2.44r139111
$ ps -aef | grep -i vbox

Code: Select all

root        1008       2  0 07:57 ?        00:00:00 [iprt-VBoxWQueue]
root        1009       2  0 07:57 ?        00:00:00 [iprt-VBoxTscThr]
vbox_ad+    1165       1  0 07:57 ?        00:00:00 /usr/lib/virtualbox/vboxwebsrv --background -H 192.168.1.250 -F /var/log/vboxweb-service.log
vbox_ad+    1174       1  0 07:57 ?        00:00:02 /usr/lib/virtualbox/VBoxXPCOMIPCD
vbox_ad+    1193       1  0 07:57 ?        00:00:05 /usr/lib/virtualbox/VBoxSVC --auto-shutdown
vbox_ad+    1323    1193  1 07:57 ?        00:01:44 /usr/lib/virtualbox/VBoxHeadless --comment myvm-01 --startvm 6dae84c0-1af8-4d3c-a1ef-f8bbc4356642 --vrde config
ladmin      2935    2872  0 10:01 pts/2    00:00:00 grep --color=auto -i vbox
Post Reply