[opensuse-security] login-problem on OpenSuSE 11.1
Hi everyone, I have a login-problem on an OpenSuSE 11.1 machine (all updates installed). When I try to login via ssh I get: # ssh -vv XXX.XXX.XXX.XXX OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to XXX.XXX.XXX.XXX [XXX.XXX.XXX.XXX] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host Local login also does not work, after entering the username and pressing [Enter] the password-prompt does never appear. STRG + ALT + DEL does also not reboot the box. How could such a thing happen and what can I do to find out the source of this problem and to prevent it in the future? Greetings, Ralf -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Thu, Apr 08, 2010 at 10:01:29AM +0200, Ralf Ronneburger wrote:
Hi everyone,
I have a login-problem on an OpenSuSE 11.1 machine (all updates installed). When I try to login via ssh I get:
# ssh -vv XXX.XXX.XXX.XXX OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to XXX.XXX.XXX.XXX [XXX.XXX.XXX.XXX] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host
Local login also does not work, after entering the username and pressing [Enter] the password-prompt does never appear. STRG + ALT + DEL does also not reboot the box.
How could such a thing happen and what can I do to find out the source of this problem and to prevent it in the future?
The serverlogfile might be helpful here to debug why it is closed. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Am 08.04.2010 10:30, schrieb Marcus Meissner:
The serverlogfile might be helpful here to debug why it is closed.
Ciao, Marcus
There are no log-entries in /var/log/messages or /var/log/warn for sshd or PAM around the time when the machine stopped responding to all login attempts, first log-entry is when it was rebooted and sshd restarted. Greetings, Ralf -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Ralf Ronneburger wrote:
Am 08.04.2010 10:30, schrieb Marcus Meissner:
The serverlogfile might be helpful here to debug why it is closed.
Ciao, Marcus
There are no log-entries in /var/log/messages or /var/log/warn for sshd or PAM around the time when the machine stopped responding to all login attempts, first log-entry is when it was rebooted and sshd restarted.
Greetings,
Ralf
I have seen systems lock up on login when there was a bad disk drive or one of the file systems was off line. Mike -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Mike McCarthy wrote:
I have seen systems lock up on login when there was a bad disk drive or one of the file systems was off line.
Mike
All disks are O.K. and other services ran fine, it looks like authentication was the only thing that locked up. Which is not comforting. Greetings, Ralf -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Hi, I think the problem is not related to OpenSSH but to a faulty local security subsystem. It might be interesting to see the output of dmesg, but you cannot execute it as you cannot log to the sistem (not even as root?) /etc/password and /etc/shadow are in place and healthy? Did you ignore some dependencies while instaling/upgrading? Weird problem there. regards ariel PS: There was a recent security update on openssl (SUSE-SA:2010:020) that fixes some key renegotiation issues. Even though it does not seem to affect the stage of the process where your ssh handshake fails, maybe you would like to revert and check if the problem exists after/before the fix. El 08/04/10 07:25, Ralf Ronneburger escribió:
Mike McCarthy wrote:
I have seen systems lock up on login when there was a bad disk drive or one of the file systems was off line.
Mike
All disks are O.K. and other services ran fine, it looks like authentication was the only thing that locked up. Which is not comforting.
Greetings,
Ralf
-- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
You might want to look on console 10 (Alt+F10) for some messages. Markus On Apr 8, Ralf Ronneburger <ralf@ronneburger.de> wrote:
Mike McCarthy wrote:
I have seen systems lock up on login when there was a bad disk drive or one of the file systems was off line.
Mike
All disks are O.K. and other services ran fine, it looks like authentication was the only thing that locked up. Which is not comforting.
Greetings,
Ralf
-- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \ -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Markus Gaugusch wrote:
You might want to look on console 10 (Alt+F10) for some messages.
Markus
I did - no relevant messages at console 10 or in the logs. Greetings, Ralf -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Apr 09, Ralf Ronneburger wrote:
Markus Gaugusch wrote:
You might want to look on console 10 (Alt+F10) for some messages.
I did - no relevant messages at console 10 or in the logs.
what about apparmor? did you check /var/log/audit/audit.log too ? Harald -- "I hope to die ___ _____ before I *have* to use Microsoft Word.", 0--,| /OOOOOOO\ Donald E. Knuth, 02-Oct-2001 in Tuebingen. <_/ / /OOOOOOOOOOO\ \ \/OOOOOOOOOOOOOOO\ \ OOOOOOOOOOOOOOOOO|// \/\/\/\/\/\/\/\/\/ Harald Koenig // / \\ \ koenig@tat.physik.uni-tuebingen.de ^^^^^ ^^^^^ -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Harald Koenig wrote:
what about apparmor? did you check /var/log/audit/audit.log too ?
Harald
Yes, there I have just the normal start / end messages. Greetings, Ralf -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (6)
-
ariel sabiguero yawelak -
Harald Koenig -
Marcus Meissner -
Markus Gaugusch -
Mike McCarthy -
Ralf Ronneburger