Topic: remote and local ssh login keeps failing

[jreijsenbach]

Hi,

Problem:
Can no longer login as root or any other user using ssh, neither from a remote network nor the local network.

Situation & what I tried:
Using server-manager I disabled all 3 ssh access settings then reenabled them. Server-manager says all's ok but still no access (access denied).

I did recently update (among others) ssh using the ones I found on http://sme.swerts-knudsen.dk/. I used the same procedure on 2 basically identical sme servers and only one has this problem.

I can logon to the machine itself using root no problem there. Just no external access.

Question:
How can I enable ssh external access using command-line? Since I can logon on the machine itself and the server-manager does not change the settings for me this might be the only way to fix it.

Any help suggestions are more than welcome.

With kind regards,

Jan

[onsy]

Hello,

I can logon to the machine itself using root no problem there. Just no external access.

Since you can logon, try going to /home/e-smith and have a look into file "configuration" to find the line about sshd. It'd have a look similar to this :

Code: [Select]

sshd=service|PasswordAuthentication|yes|PermitRootLogin|yes|access|private|status|enabled

If not, try to correct and then restart sshd.

[jreijsenbach]

Hi onsy,

Checked it looks alle ok. But doesn't seem to work. If you have any further suggestions pleas tell. Thanks so far anyway

regards,

Jan

[Lourens]

I had exactly the same problem. Installed the same updates. After installing updates no SSH access possible.
My SME version 6.01.

egards,

Lourens

[byte]

what does the command...

/sbin/e-smith/config show sshd

show?

Are you using PUTTY to connect? if so make sure you use the latest... I had problems logging in on a machine and it turned out the ssh had disabled ssh v1

Have you checked the logs to see what they say?

HTH

[brownfox]

Same problem here,
I used also the update file's from swert (after rkhunter).
And i disabled the remote access for 1 day now after i enable remote access i can't access the server remote.

[onsy]

Hello,
Try to look at the log file "messages" and examine the lines about sshd to get more infos.

[jreijsenbach]

Well i did the proverbial cannon and fly solution and did a clean install. But the problem only happened on one of two basically identical machines.

In the logs I only saw some authentication failures. Nothing out of the ordinary.

I'm sorry I can no longer be of assistance here since I basically killed off all traces of the problem.... I think/hope. If the problem reoccurs I'll be sure to look in here first.

Good luck all.

regards,

Jan

[Reinhold]

Everybody having this problem:
(You need to upgrade ssh, client and server in one run

FIX:
- login locally as root
- make sure you have all ssh components in one directory mynewssh

openssh-3.9p1-1es1.i386.rpm
openssh-clients-3.9p1-1es1.i386.rpm
openssh-server-3.9p1-1es1.i386.rpm

- go into that dir:

 cd mynewssh

- then do the upgrade in one run:

 rpm -Uvh openssh*

...note the "*" and you should be set
_if_ you still have ssh enabled in the SME Server Manager
(if not you know where to reenable

Reinhold

[Reinhold]

jreijsenbach

a new install will still 'new'-ly install the vulnerable ssh package
...so make sure that you upgrade !

Reinhold

[jreijsenbach]

Reinhold,

Thanks for the tip I actually did that myself not knowing this would prevent future occurences of this problem. Good to know  

kind regards,

Jan

[azche24]

Hi, Reinhold

Everybody having this problem:
(You need to upgrade ssh, client and server in one run
....
- then do the upgrade in one run:

 rpm -Uvh openssh*
Reinhold

Sorry, this does not solve the problem. No ssh-access. The apropriate RPMs are already installed. Even rpm e- and re-installation did not help.

[Reinhold]

Alexander,

"doesn't work" isn't working <grin> ...i.e. not really helpful  

You may try a:
# /sbin/e-smith/signal-event remoteaccess-update
while logged in locally.

...else please tell us what byte and onsy already asked for ... YOU ARE USING SME 6.0x are you ?

Regards
Reinhold

[azche24]

Reinhold,

i did everything mentioned here:
- checked configuration entries they are o.k.
- did "rpm -e openssh*. ..."
- did "rpm -Uvh openssh*"
- did post upgrade / reboot

and still get "connection refused" when trying to establish connection via ssh 1 or ssh 2 and putty.

Logfiles say:

Sep 22 07:55:43 pollux sshd[22212]: Accepted password for root from 192.168.1.4 port 1893 ssh2
Sep 22 07:56:35 pollux sshd[22212]: Received disconnect from 192.168.1.4: 11: All open channels closed
Sep 22 17:49:19 pollux sshd[22878]: Accepted password for root from 192.168.1.4 port 1125 ssh2
Sep 22 22:35:42 pollux sshd[22878]: Received disconnect from 192.168.1.4: 11: All open channels closed
Sep 22 22:38:32 pollux sshd[24265]: Accepted password for root from 192.168.1.4 port 1916 ssh2
Sep 22 22:40:01 pollux sshd[12897]: Received signal 15; terminating.
Sep 22 22:40:01 pollux sshd: sshd -TERM succeeded
Sep 23 08:20:43 pollux /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[11168]: /home/e-smith/configuration: OLD sshd=service|PasswordAuthentication|yes|PermitRootLogin|yes|access|private|status|enabled
Sep 23 08:20:43 pollux /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[11168]: /home/e-smith/configuration: NEW sshd=service|PasswordAuthentication|yes|PermitRootLogin|yes|access|public|status|enabled
Sep 23 20:03:03 pollux /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[12105]: /home/e-smith/configuration: OLD sshd=service|PasswordAuthentication|yes|PermitRootLogin|yes|access|public|status|enabled
Sep 23 20:03:03 pollux /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[12105]: /home/e-smith/configuration: NEW sshd=service|Passwo

My later connection attempts were not logged. Perhaps sshd has died forever - even after a reboot?

September 22.40 appx. was the time i applied the update.

Sorry for my stupid post. I am suffering influenza today. And yes: SME 6.0.1-01 with all the latest security updates from jesper installed (that installation was the point, where ssh stopped).

[Wooderson]

I had a similar problem after creating a custom template fragment to disable SSH v1 logins. When I was done I couldn't log in at all, except for physically on the console.

Do you have any custom templates in:
/etc/e-smith/templates-custom/etc/ssh/sshd_config ?

If so what are they?

I had a template that was creating some duplicate entries to my /etc/ssh/sshd_config file and screwing it up so you couldn't log in at all. Once I corrected it, all was fine again.

Do you get a "failed" message when you do:
service sshd reload

or

service sshd stop
service sshd start