[ale] SSH session ends immediately after authentication

James P. Kinney III jkinney at localnetsolutions.com
Thu Jan 26 15:30:40 EST 2006 

On Thu, 2006-01-26 at 15:08 -0500, Jason Day wrote:
> On 1/26/06, James P. Kinney III <jkinney at localnetsolutions.com> wrote:
>         I hate saying this but has the machine been rebooted? Does any
>         of the
>         other networked services show signed of being crappy? Run some
>         nmap
>         scans on port 22 (all varieties) and see if it hangs.
> 
> The machine hasn't been rebooted since the last power flicker, maybe a
> month ago.  Apache works fine; there are 3 virtual servers and all 3
> are responsive.  Unfortunately, the network I'm on uses egress
> filtering, so I can't run a port scan.  I didn't think about scanning
> port 22 though.  That doesn't show anything that looks interesting (to
> me anyway).  No hangs. 
> 
> 
>         There is also the possibility that the hard drive had a
>         failure that
>         impacted to data for the sshd binary. If ssh was reloaded, it
>         is now 
>         using the bad binary. It may something as small as a single
>         bit flip.
> 
> Hmm, I wonder if the disk is full.  I'll have to check that when I get
> home. 

Ah Ha! A full hard drive would cause a login to fail as it can't record
the access. If this is a production server you have a problem as the
logging is now not running.


> 
> 
>         It really looks like you will need console access for this
>         one. The fact
>         that you get as far as seeing the Last: data says that ssh
>         _is_ working.
> 
> Yeah.  Console access isn't a problem, except that it's still a few
> hours away.  I just hope it hasn't been serving porn or warez in the
> meantime :-( 
> 
> 
>         Hmm. The next step is to start the environment for remote
>         users. Bash
>         should load first but it isn't. It could be that the the
>         sshd.conf file
>         was changed to "UseLogin no". That would halt the process
>         before the
>         shell can start (since there is no login process to call a
>         shell).
> 
> I can't see how that could have happened without it being compromised
> though. 
> 
> 
>         If you have webmin installed you can cat the sshd.conf file
>         and make sed
>         edits.
> 
> Alas, no.  I'll have to wait for the console.
> 
> Thanks,
> Jason 
> 
> -- 
> Jason Day                                       jasonday at
> http://jasonday.home.att.net                    worldnet dot att dot
> net
> 
> "Of course I'm paranoid, everyone is trying to kill me."
>     -- Weyoun-6, Star Trek: Deep Space 9 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part

More information about the Ale mailing list