[ale] SSH session ends immediately after authentication

Jason Day jason.day at gmail.com
Thu Jan 26 15:08:37 EST 2006


On 1/26/06, James P. Kinney III <jkinney at localnetsolutions.com> wrote:
>
> I hate saying this but has the machine been rebooted? Does any of the
> other networked services show signed of being crappy? Run some nmap
> scans on port 22 (all varieties) and see if it hangs.


The machine hasn't been rebooted since the last power flicker, maybe a month
ago.  Apache works fine; there are 3 virtual servers and all 3 are
responsive.  Unfortunately, the network I'm on uses egress filtering, so I
can't run a port scan.  I didn't think about scanning port 22 though.  That
doesn't show anything that looks interesting (to me anyway).  No hangs.

There is also the possibility that the hard drive had a failure that
> impacted to data for the sshd binary. If ssh was reloaded, it is now
> using the bad binary. It may something as small as a single bit flip.


Hmm, I wonder if the disk is full.  I'll have to check that when I get home.


It really looks like you will need console access for this one. The fact
> that you get as far as seeing the Last: data says that ssh _is_ working.


Yeah.  Console access isn't a problem, except that it's still a few hours
away.  I just hope it hasn't been serving porn or warez in the meantime :-(

Hmm. The next step is to start the environment for remote users. Bash
> should load first but it isn't. It could be that the the sshd.conf file
> was changed to "UseLogin no". That would halt the process before the
> shell can start (since there is no login process to call a shell).


I can't see how that could have happened without it being compromised
though.

If you have webmin installed you can cat the sshd.conf file and make sed
> edits.


Alas, no.  I'll have to wait for the console.

Thanks,
Jason
--
Jason Day                                       jasonday at
http://jasonday.home.att.net                    worldnet dot att dot net

"Of course I'm paranoid, everyone is trying to kill me."
    -- Weyoun-6, Star Trek: Deep Space 9
-------------- next part --------------
An HTML attachment was scrubbed...




More information about the Ale mailing list