[ale] openssh server returns FIN immediately after the TCP handshake

Michael H. Warfield mhw at WittsEnd.com
Wed Feb 27 12:44:17 EST 2008


On Wed, 2008-02-27 at 11:34 -0500, Jerry Yu wrote:
> Starting today, I couldn't ssh into a production server, a stock
> installation of RHEL 5.1/PPC (a LPAR on a 16-way power5 server).
> tcpdump showed FIN packet was received on the client, immediately
> after the TCP handshake (SYN + SYN ACK + ACK) was done.
> The server functions otherwise (nfsd & syslogd).
> If it matters, all os access accounts are controlled by a remote LDAP
> server.  Same accounts can be used to authenticate the user
> successfully on other RHEL 5.1/ppc against this LDAP server

	I've seen that happen after an update has updated sshd and not
restarted the server.  The master server seems to run fine but the
instant it forks off a child the child dies due to some library problem.
Try restarting that sshd.  Obviously, you've got a chicken and egg
situation if you can't connect to the server to restart the sshd so you
can connect to the server...

	Interesting that this has occurred today.  I just checked one of my
CentOS boxes and there are some OpenLDAP updates in that pipe.  First
restart the sshd server.  Second, restart any ldap processes.

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20080227/08dccb91/attachment.bin 


More information about the Ale mailing list