Unable to start sshd
383 views
Skip to first unread message
Chris Billson
Aug 4, 2017, 11:12:42 AM8/4/17
to RCDevs Security Solutions - Technical
I've been following two guides to try and get an Ubuntu server to use MFA, SpanKey_QuickStart.pdf and OpenOTP_PAM.pdf
I managed to get it working on one server, but not another two, so i'm reasonably sure the WebADM server is in a good state.
The issue starts when i add the lines below to my /etc/ssh/sshd_config
AuthorizedKeysCommand /usr/libexec/spankey/authorized_keys
AuthorizedKeysCommandUser root
With these in, when i restart ssh, it fails to start, i get these logs.
/var/log/auth.log
Aug 4 16:07:24 SERVER sshd[1266]: Received signal 15; terminating.
ssh stop/waiting
ssh start/pre-start, process 5119
/var/log/syslog
Aug 4 16:07:24 SERVER kernel: [ 539.088638] init: ssh main process (5109) terminated with status 255
Aug 4 16:07:24 SERVER kernel: [ 539.088660] init: ssh main process ended, respawning
Aug 4 16:07:24 SERVER kernel: [ 539.094238] init: ssh main process (5112) terminated with status 255
Aug 4 16:07:24 SERVER kernel: [ 539.094256] init: ssh main process ended, respawning
Aug 4 16:07:24 SERVER kernel: [ 539.100063] init: ssh main process (5115) terminated with status 255
Aug 4 16:07:24 SERVER kernel: [ 539.100082] init: ssh main process ended, respawning
Aug 4 16:07:24 SERVER kernel: [ 539.105757] init: ssh main process (5118) terminated with status 255
Aug 4 16:07:24 SERVER kernel: [ 539.105775] init: ssh main process ended, respawning
Aug 4 16:07:24 SERVER kernel: [ 539.112946] init: ssh main process (5121) terminated with status 255
Aug 4 16:07:24 SERVER kernel: [ 539.112964] init: ssh main process ended, respawning
Aug 4 16:07:24 SERVER kernel: [ 539.119944] init: ssh main process (5124) terminated with status 255
Aug 4 16:07:24 SERVER kernel: [ 539.119963] init: ssh main process ended, respawning
Aug 4 16:07:24 SERVER kernel: [ 539.125416] init: ssh main process (5127) terminated with status 255
Aug 4 16:07:24 SERVER kernel: [ 539.125434] init: ssh main process ended, respawning
Aug 4 16:07:24 SERVER kernel: [ 539.130787] init: ssh main process (5130) terminated with status 255
Aug 4 16:07:24 SERVER kernel: [ 539.130805] init: ssh main process ended, respawning
Aug 4 16:07:24 SERVER kernel: [ 539.136120] init: ssh main process (5133) terminated with status 255
Aug 4 16:07:24 SERVER kernel: [ 539.136138] init: ssh main process ended, respawning
Aug 4 16:07:24 SERVER kernel: [ 539.141443] init: ssh main process (5136) terminated with status 255
Aug 4 16:07:24 SERVER kernel: [ 539.141488] init: ssh main process ended, respawning
Aug 4 16:07:24 SERVER kernel: [ 539.146882] init: ssh main process (5139) terminated with status 255
Aug 4 16:07:24 SERVER kernel: [ 539.146910] init: ssh respawning too fast, stopped
When i remark out the lines above, and restart, it starts ok.
I've checked files between the two machines, and they're all the same.
/etc/spankey/spankey.conf
/etc/openotp/openotp.conf
/etc/pam.d/sshd
/etc/ssh/sshd_config
/etc/nsswitch.conf
/etc/pam.d/common-account
/etc/pam.d/common-auth
also, if i use the test command "getent passwd" - i'm able to see it retrieve user names from the WebADM server.
Is anybody able to give me any pointers on how i can troubleshoot this further, or anything i may have missed?
Thanks
Chris
Benedetto Lo Giudice
Aug 4, 2017, 11:19:25 AM8/4/17
to rcdevs-t...@googlegroups.com
Chris,
could you please try to start sshd manually, just to make sure that sshd is not printing any error which is not caught by syslog?
/usr/sbin/sshd -Ddp 10999
this starts sshd in foreground, in debug mode on a non-standard port.
Ctrl-C to kill it.
Maybe there is a typo in the sshd_config file?
Thanks for using our products!
Kind regards
Benedetto
> --
> You received this message because you are subscribed to the Google Groups "RCDevs Security Solutions - Technical" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rcdevs-technic...@googlegroups.com.
> To post to this group, send email to rcdevs-t...@googlegroups.com.
> Visit this group at https://groups.google.com/group/rcdevs-technical.
> For more options, visit https://groups.google.com/d/optout.
Kind regards
benedetto
could you please try to start sshd manually, just to make sure that sshd is not printing any error which is not caught by syslog?
/usr/sbin/sshd -Ddp 10999
this starts sshd in foreground, in debug mode on a non-standard port.
Ctrl-C to kill it.
Maybe there is a typo in the sshd_config file?
Thanks for using our products!
Kind regards
Benedetto
> You received this message because you are subscribed to the Google Groups "RCDevs Security Solutions - Technical" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rcdevs-technic...@googlegroups.com.
> To post to this group, send email to rcdevs-t...@googlegroups.com.
> Visit this group at https://groups.google.com/group/rcdevs-technical.
> For more options, visit https://groups.google.com/d/optout.
Kind regards
benedetto
Message has been deleted
Chris Billson
Aug 4, 2017, 12:12:50 PM8/4/17
to RCDevs Security Solutions - Technical
Thanks for your quick reply, its appreciated.
I wasn't aware of the debug option, so thanks for that, it gave me some more output, but not anything i didnt already think i knew.
/etc/ssh/sshd_config: line 34: Bad configuration option: AuthorizedKeysCommand
/etc/ssh/sshd_config: line 35: Bad configuration option: AuthorizedKeysCommandUser
/etc/ssh/sshd_config: terminating, 2 bad configuration options
although both boxes are the same version of Ubuntu, are these commands sshd version sensitive?
francois...@rcdevs.com
Aug 8, 2017, 5:31:39 AM8/8/17
to RCDevs Security Solutions - Technical
Hi Chris
Which is your version of Ubutnu and sshd ?
Reply all
Reply to author
Forward
0 new messages