[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#252676: sshd failure

Package: ssh
Version: 1:3.8.1p1-4
Severity: serious

Note: I'm not 100% sure I was running ssh -4, and not -3, when I
experienced this bug, because the first thing I tried to do to fix it
was upgrade. Bug #248125 looks similar, and that was -3? My status-old
is dated June second, and has version -4 in it though, so I do think I
was running -4.

My colocated server was refusing both ssh and ssl telnet connections.
It looked like this:

joey:~>ssh -v kite
OpenSSH_3.8.1p1 Debian 1:3.8.1p1-4, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /home/joey/.ssh/config
debug1: Applying options for kite
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to kite [64.62.161.42] port 22.
debug1: Connection established.
debug1: identity file /home/joey/.ssh/identity type -1
debug1: identity file /home/joey/.ssh/id_rsa type -1
debug1: identity file /home/joey/.ssh/id_dsa type 2
ssh_exchange_identification: Connection closed by remote host

Telnet also hung up before I got to a login prompt. The rest of the serivces
seemed ok. I got a root shell via other means, and tried restarting ssh. No
luck. Tried upgrading the whole system to current unstable, again, no luck.
Then I noticed something strange in ps:

14515 ?        S      0:00 sshd: joey [pam]
32215 ?        S      0:00 sshd: bdragon [pam]
 8978 ?        S      0:00 sshd: joeyh [pam]

There were a few more that I've elided because they may contain preveligded
information. I don't have a "bdragon" or "joeyh" user, and there were some
other weird users listed. None of these users were really logged in,
that I could tell.

I also found this in the log:

Jun  2 10:33:06 kitenet sshd[26977]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Jun  2 10:33:06 kitenet sshd[26977]: fatal: Cannot bind any address.

I killed all of these processes, and restarted ssh again. Now it worked, and
so did telnet.

I have to catch a plane, so I can't investigate further right now.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages ssh depends on:
ii  adduser                     3.56         Add and remove users and groups
ii  debconf                     1.4.25       Debian configuration management sy
ii  dpkg                        1.10.22      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-13 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-21      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-21      Runtime support for the PAM librar
ii  libpam0g                    0.76-21      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7d-3     SSL shared libraries
ii  libwrap0                    7.6.dbs-4    Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1.1-3  compression library - runtime

-- debconf information excluded

-- 
see shy jo
Reply to: