sshd Service Stopped



quackweb
03-06-2004, 11:15 AM
Hello Everyone,

I'm having sshd problems on one of our servers. I cannot get it to restart or start for the life of me. Every time I try to restart or start the service I get a failed message. I have even tried to restart my server and sshd still won't start. Any idea on how to get this service running again? Keep in mind I have no way of logging into this server because sshd is down. Thanks for the advice!

nobaloney
03-07-2004, 11:20 AM
It's pretty hard to do anything if you can't log into the server.

Is your server in colocation? Can you either go there yourself with a monitor/keyboard, or get your colo company to do it for you?

You'll need to know the error message you're getting in order to resolve this.

You might very well have been hacked; somehow you're going to have to get into the server.

Once you're in, consider setting up a second ssh daemon, named something else and running on a separate port, so you'll always have a back door.

Or even run telnet, but firewall it so it'll only work from your own IP (you can only do this if you have a static IP#).

Jeff

quackweb
03-07-2004, 11:23 AM
Jeff,

Thanks for the suggestion. We actually own and operate our own facilities so I just submitted it to one of our technicians and he fixed it. He told me that there were too many AllowedUsers? How do I prevent this from happening? It sounds to me that there might be a limit to how many usernames and passwords ssh can handle? Also I wanted to know how I would go about setting up the secondary ssh, I'd ask our techs but they have other issues more important =)

nobaloney
03-07-2004, 02:31 PM
Originally posted by quackweb
He told me that there were too many AllowedUsers? How do I prevent this from happening? It sounds to me that there might be a limit to how many usernames and passwords ssh can handle?
I've never heard of this problem. We run OpenSSH on RHL 7.3, and we have three AllowUser entries; we don't allow too many people to log in to the server.

Also I wanted to know how I would go about setting up the secondary ssh, I'd ask our techs but they have other issues more important =)
For OpenSSH, you start it twice, the second time with an alternate port. See "man sshd".

We specify a completely separate config file, though; it gives us more flexibility.

Jeff

DirectAdmin Support
03-07-2004, 09:39 PM
DA adds one AllowUsers line per user who has ssh access on the system. The AllowUsers lines aren't required, so you can fool DA by editing /usr/local/directadmin/conf/directadmin.conf, and change the ssh config file to a bogus empty file that DA can add/remove users from. Then in the *real* sshd_config file, you can just clear out *all* "AllowUsers" entries so that ssh will allow anyone to log in if they have a shell set up in the /etc/passwd file (this is how it's normally done anyway).

John

quackweb
03-08-2004, 06:34 PM
Hey John,

I did this and cleared out all the AllowUsers entries in the config file and now no one can log into ssh. Any ideas?

Thanks!

DirectAdmin Support
03-09-2004, 12:14 PM
Check your logs (/var/log/messages and /var/log/secure). I'm not sure what's up. If there are *no* "AllowUsers" lines, then everyone should be able to log in (assuming they have a valid shell). If you've missed even one line, then nobody can log in except that one user. I'm not too familiar with the rest of the ssh settings... perhaps go through them as well to see if there is anything that might need to be changed.

John
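
An added example, not part of the original thread and not DirectAdmin or OpenSSH code: a small Python audit showing how the AllowUsers lines discussed above restrict logins, including the case where a single leftover line locks everyone else out. The function names and the sample config and passwd data are constructed for illustration; it assumes only global (non-Match) AllowUsers lines, ignores the host part of USER@HOST patterns, and treats a few common nologin shells as non-login accounts.

```python
import re

# Assumption: accounts with one of these shells are not login accounts.
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample data, not taken from any real server.
SAMPLE_CONFIG = "AllowUsers admin\nAllowUsers alice bob@192.0.2.*\n#AllowUsers carol\n"
SAMPLE_PASSWD = """\
admin:x:500:500::/home/admin:/bin/bash
alice:x:501:501::/home/alice:/bin/bash
bob:x:502:502::/home/bob:/bin/bash
carol:x:503:503::/home/carol:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
"""

def allow_users_patterns(config_text):
    """Collect the user patterns from every global AllowUsers line."""
    patterns = []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not parts:
            continue
        keyword = parts[0].lower()             # keywords are case-insensitive
        if keyword == "match":                 # conditional blocks: out of scope
            break
        if keyword == "allowusers":
            # Keep only USER from USER@HOST; host restrictions are ignored here.
            patterns += [p.split("@", 1)[0] for p in parts[1:]]
    return patterns

def _matches(pattern, user):
    # Handles only the '*' and '?' wildcards.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, user) is not None

def audit(config_text, passwd_text):
    """Report which shell accounts the AllowUsers lines admit or lock out."""
    patterns = allow_users_patterns(config_text)
    rows = [r.split(":") for r in passwd_text.splitlines()]
    shell_users = [f[0] for f in rows if len(f) == 7 and f[6] not in NOLOGIN]
    if not patterns:                           # no AllowUsers: no restriction
        return {"entries": 0, "allowed": shell_users, "locked_out": []}
    allowed = [u for u in shell_users if any(_matches(p, u) for p in patterns)]
    locked = [u for u in shell_users if u not in allowed]
    return {"entries": len(patterns), "allowed": allowed, "locked_out": locked}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_PASSWD))
```

Running it against a copy of the real sshd_config and /etc/passwd before restarting sshd shows who would be locked out by any AllowUsers line that was missed.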