Topic: No access over ssh

[René]

Hello

The problem occurred from one day on the other.

In any case I cannot login with my ssh client (Tera Term Pro & SSH).

The attempt to connect with a ssh client will cause a timeout.

The sshd status looks as follows.
[root@e-smith init.d]# /etc/rc.d/init.d/sshd status
sshd dead but subsys locked
[root@e-smith init.d]#

Start the service manual did not work.
[root@e-smith init.d]# /etc/rc.d/init.d/sshd start
Starting sshd: /etc/ssh/sshd_config: line 20: Bad configuration option: Challeng
eResponseAuthentication
/etc/ssh/sshd_config: terminating, 1 bad configuration options
 FAILED ]
[root@e-smith init.d]#

Can someone be helpful?

Thank you for each note

kind regards

René

[Rich Lafferty]

It looks as though you've applied 4.1.2 updates to a system
not running 4.1.2, or have otherwise applied an update that
updates sshd's configuration file to a version newer than
the version of ssh you've got.

What does "rpm -qa | grep ssh" give you?

-Rich

[René]

Hi Rich

thanks for advice.

the comand "rpm -qa | grep ssh" give me the following as answer

[root@e-smith /root]# rpm -qa | grep ssh
openssh-2.3.0p1-4
openssh-server-2.3.0p1-4
e-smith-openssh-1.2.0-11
openssh-clients-2.3.0p1-4
sshell-2.0-3
[root@e-smith /root]#


is that o.k.? And what can I now do, to solve my problem?

kind regards
René

BTW: A few months ago I've installed updateme. Could this program be the problem?

[Rich Lafferty]

It appears to me that you've applied updates for 4.1.2 to
a system running a version of e-smith older than 4.1.2;
you can look at /etc/redhat-release to determine the
version.

If that's the case, upgrade to 4.1.2 from CD, and then
reapply the 4.1.2 updates.

Hope this helps,

-Rich

[René]

In spring 2001 I've updatet the e-smith 4.1.1 as follows. This little hot-to I've found at this time at www.e-smith.org

E-SMITH SERVER AND GATEWAY 4.1.1 Security advisory - April 8, 2001
Follow these steps to secure your version 4.1.1 server(s) pending an upgrade to
version 4.1.2:

1) Disable PPTP access using the Remote Access panel of the e-smith manager
(set "Number of PPTP clients" to 0).

2) Disable time synchronization using the Set Date and Time panel of the
e-smith-manager.

3) Obtain shell access as the "root" user. (At the e-smith console main
menu, press Alt-F2, then login as 'root' with the admin password.) After
logging in, run these three commands:
   export BASE=http://updates.e-smith.com/4.1.1/updates/RPMS
   rpm -Uhv $BASE/noarch/e-smith-base-4.2.0-32.noarch.rpm
   rpm -Uhv $BASE/noarch/e-smith-lib-1.4.0-11.noarch.rpm

4) Update the Network Time Daemon RPM using the command:
   rpm -Uhv $BASE/i386/ntp-4.0.99k-15.i386.rpm

5) If your Internet connection is a DSL connection using PPPoE, you must
also run this command:
   rpm -Uhv --noscripts $BASE/noarch/e-smith-rp-pppoe-1.2.0-07.noarch.rpm
   
6) Activate the updated packages using the commands:
   /sbin/e-smith/signal-event remoteaccess-update
   /sbin/e-smith/signal-event timeserver-update

7) When you are finished, log out from the root account. To switch back to
the e-smith console, press Alt-F1.

You should now ensure that a password has been set for each user account
on the system. Accounts which have not had a password set are visible in
the User Accounts page of the e-smith manager in red italic font. If any
account exists for which a password has not been set, then you should set
a password now.

9) You will now be able to re-enable PPTP VPN via the Remote Access panel of
the e-smith manager.

Have a look in /etc/redhat-release  show me the version.
e-smith server and gateway release 4.1.1

So I've now (11/07/01) tried a second time to update to 4.1.2. But /etc/redhat-release show me again the same. Could I realy not update the server without need the 4.1.2 CD? Perhaps an other way to update the server over the internet.

Thanks in advance

kind regards
René

[Dan Brown]

Installing those updates does not upgrade your server to 4.1.2.  If you want to upgrade to 4.1.2, you'll need to use the 4.1.2 CD.  However, you probably should just upgrade to 5.0 now.