>> debug1: session_by_channel: session 0 channel 0 >> debug1: session_input_channel_req: session 0 req shell >> debug1: Setting controlling tty using TIOCSCTTY. >> debug1: Received SIGCHLD.
Here is the point where your session is getting toasted. As was pointed out earlier it really looks like it is not anything to do with the protocol or server, but much more like there is an issue establishing the login tty and shell. Assuming that this problem is ONLY when you try to login as “root”, (the “broken pipe” below is because you ‘hung-up’, right?) Perhaps this simply a matter of checking your sshd_config file and making sure that you have line that looks like: PermitRootLogin yes The default on most Linux distributions is to disable remote access as the root user. One fallout from that is that the default sushi_config file usually has the above line commented out. Tom Anderson Ex ignorantia ad sapientiam e tenebris ad lucem! > On May 26, 2016, at 7:29 AM, van Sleeuwen, Berry <berry.vansleeu...@atos.net> > wrote: > > Hi Mike, > > Yes: > > May 26 11:07:49 sles10x sshd[2087]: PAM unable to > dlopen(/lib64/security/pam_pwcheck.so) > May 26 11:07:49 sles10x sshd[2087]: PAM [error: /usr/lib64/libcrack.so.2: > invalid ELF header] > May 26 11:07:49 sles10x sshd[2087]: PAM adding faulty module: > /lib64/security/pam_pwcheck.so > May 26 11:07:53 sles10x sshd[2087]: Accepted keyboard-interactive/pam for > root from x.x.x.x port 53553 ssh2 > May 26 11:07:53 sles10x sshd[2087]: Received disconnect from x.x.x.x: 11: > disconnected by user > > I have disabled pam_pwcheck from the common-password but that didn't solve > the ssh issue. It did however remove the pam_pwcheck and libcrack errors. But > since that didn't solve the issue I reset the common-password to the orginal > version. > > So basically the key messages in /var/log/messages are the "accepted > keyboard-interactive" and "Received disconnect". > > Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen, > Berry van Sleeuwen > > > -----Original Message----- > From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Michael > MacIsaac > Sent: Thursday, May 26, 2016 1:53 PM > To: LINUX-390@VM.MARIST.EDU > Subject: Re: Unable to login with ssh > > Berry, > > Was there an entry added to /var/log/messages? > > -Mike > > On Thu, May 26, 2016 at 7:45 AM, van Sleeuwen, Berry < > berry.vansleeu...@atos.net> wrote: > >> Hi Michael, >> >> I tried, but that didn't help me any further. >> >> ... >> debug1: session_by_channel: session 0 channel 0 >> debug1: session_input_channel_req: session 0 req shell >> debug1: Setting controlling tty using TIOCSCTTY. >> debug1: Received SIGCHLD. >> debug1: session_by_pid: pid 2227 >> debug1: session_exit_message: session 0 channel 0 pid 2227 >> debug1: session_exit_message: release channel 0 >> debug1: session_pty_cleanup: session 0 release /dev/pts/0 >> debug1: session_by_channel: session 0 channel 0 >> debug1: session_close_by_channel: channel 0 child 0 >> debug1: session_close: session 0 pid 0 >> debug1: channel 0: free: server-session, nchannels 1 Received >> disconnect from 10.193.116.43: 11: disconnected by user >> debug1: do_cleanup >> debug1: PAM: cleanup >> debug1: PAM: closing session >> debug1: PAM: deleting credentials >> >> Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen, >> Berry van Sleeuwen >> >> >> -----Original Message----- >> From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of >> Michael MacIsaac >> Sent: Thursday, May 26, 2016 1:27 PM >> To: LINUX-390@VM.MARIST.EDU >> Subject: Re: Unable to login with ssh >> >> Berry, >> >> Did you try turning debug on for sshd? I find you get a lot more >> information debugging from the server side than the client (and this >> makes sense for security reasons). >> >> On a SLES system, in the file /etc/sysconfig/ssh, I add a '-d' to : >> >> SSHD_OPTS="-d" >> >> Then "service restart sshd". You should immediately see debug info on >> the console. >> >> Hope this helps >> >> -Mike M >> >> On Thu, May 26, 2016 at 7:14 AM, van Sleeuwen, Berry < >> berry.vansleeu...@atos.net> wrote: >> >>> Hi Rick, >>> >>> I can logon on the VM console so I expect the shell and various >>> profiles should be ok. >>> >>> It's (almost) the same when I logon through ssh with another userid. >>> >>> Password: >>> debug2: input_userauth_info_req >>> debug2: input_userauth_info_req: num_prompts 0 >>> debug1: Authentication succeeded (keyboard-interactive). >>> Authenticated to x.x.x.x ([x.x.x.x]:22). >>> debug1: channel 0: new [client-session] >>> debug2: channel 0: send open >>> debug1: Requesting no-more-sessi...@openssh.com >>> debug1: Entering interactive session. >>> Write failed: Broken pipe >>> >>> Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen, >>> Berry van Sleeuwen >>> >>> -----Original Message----- >>> From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf >>> Of Rick Troth >>> Sent: Thursday, May 26, 2016 12:36 PM >>> To: LINUX-390@VM.MARIST.EDU >>> Subject: Re: Unable to login with ssh >>> >>> Bad shell? (exits right away) >>> >>> Can you sign on with a different ID? >>> >>> Check your .profile, .bashrc, and their equiv under /etc. >>> >>> Try the virtual console if you can't do these "checks" from another ID. >>> >>> I might also suggest looking into the ciphers available (which >>> *have* changed recently), but since it shows "last login" that's >>> probably not the problem. >>> >>> -- R; <>< >>> >>> >>> On May 26, 2016 5:07 AM, "van Sleeuwen, Berry" >>> <berry.vansleeu...@atos.net >>>> >>> wrote: >>> >>>> Hi All, >>>> >>>> I try to login to a SLES10 linux guest. It looks like the login is >>>> correct but right after that the session is closed. I have tried >>>> to ssh from another linux guest, with trace options. But it is >>>> still unclear to me why the session is aborted. I have tried to >>>> find some clues in various locations but a lot of those solutions >>>> are either not applicable or do not help to solve the issue. >>>> >>>> Why would this session be closed and how can I fix this? >>>> >>>> <BVS: Removed the start of the trace, check of various keys and >>>> cyphers> >>>> Password: >>>> debug3: packet_send2: adding 32 (len 20 padlen 12 extra_pad 64) >>>> debug2: input_userauth_info_req >>>> debug2: input_userauth_info_req: num_prompts 0 >>>> debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64) >>>> debug1: Authentication succeeded (keyboard-interactive). >>>> Authenticated to x.x.x.x ([y.y.y.y]:22). >>>> >>>> <BVS: So looks like I am granted access > >>>> <BVS: removed environment records…> >>>> <BVS: the following 6 records are similar to a successful login, >>>> after that the session close starts> >>>> >>>> debug2: channel 0: open confirm rwindow 0 rmax 32768 >>>> debug2: channel_input_status_confirm: type 99 id 0 >>>> debug2: PTY allocation request accepted on channel 0 >>>> debug2: channel 0: rcvd adjust 2097152 >>>> debug2: channel_input_status_confirm: type 99 id 0 >>>> debug2: shell request accepted on channel 0 >>>> debug1: client_input_channel_req: channel 0 rtype exit-signal >>>> reply >>>> 0 >>>> debug1: client_input_channel_req: channel 0 rtype e...@openssh.com >>>> reply 0 >>>> debug2: channel 0: rcvd eow >>>> debug2: channel 0: close_read >>>> debug2: channel 0: input open -> closed >>>> debug2: channel 0: rcvd eof >>>> debug2: channel 0: output open -> drain >>>> debug2: channel 0: rcvd close >>>> debug3: channel 0: will not send data after close Last login: Thu >>>> May >>>> 26 10:37:40 2016 from xxx.xxx.xxx.xxx >>>> >>>> <BVS: The last login was the previous time I tried. So indeed the >>>> login is accepted and logged.) >>>> >>>> debug3: channel 0: will not send data after close >>>> debug2: channel 0: obuf empty >>>> debug2: channel 0: close_write >>>> debug2: channel 0: output drain -> closed >>>> debug2: channel 0: almost dead >>>> debug2: channel 0: gc: notify user >>>> debug2: channel 0: gc: user detached >>>> debug2: channel 0: send close >>>> debug2: channel 0: is dead >>>> debug2: channel 0: garbage collecting >>>> debug1: channel 0: free: client-session, nchannels 1 >>>> debug3: channel 0: status: The following connections are open: >>>> #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1) >>>> >>>> Connection to y.y.y.y closed. >>>> Transferred: sent 3096, received 2392 bytes, in 0.0 seconds Bytes >>>> per >>>> second: sent 2010460.6, received 1553301.6 >>>> debug1: Exit status -1 >>>> >>>> >>>> Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen, >>>> Berry van Sleeuwen Flight Forum 3000 5657 EW Eindhoven • +31 (0)6 >>>> 22564276 [cid:image001.jpg@01CE3508.E10AE080] >>>> [cid:image002.jpg@01CE3508.E10AE080] >>>> >>>> >>>> This e-mail and the documents attached are confidential and >>>> intended solely for the addressee; it may also be privileged. If >>>> you receive this e-mail in error, please notify the sender >>>> immediately and destroy it. As its integrity cannot be secured on >>>> the Internet, Atos’ liability cannot >>> be >>>> triggered for the message content. Although the sender endeavours >>>> to maintain a computer virus-free network, the sender does not >>>> warrant that this transmission is virus-free and will not be >>>> liable for any damages resulting from any virus transmitted. On >>>> all offers and agreements under which Atos Nederland B.V. supplies >>>> goods and/or services of whatever nature, the Terms of Delivery >>>> from Atos Nederland >> B.V. exclusively apply. >>>> The Terms of Delivery shall be promptly submitted to you on your >> request. >>>> >>> >>> -------------------------------------------------------------------- >>> -- For LINUX-390 subscribe / signoff / archive access instructions, >>> send email to lists...@vm.marist.edu with the message: INFO >>> LINUX-390 or visit >>> http://www.marist.edu/htbin/wlvindex?LINUX-390 >>> -------------------------------------------------------------------- >>> -- For more information on Linux on System z, visit >>> http://wiki.linuxvm.org/ This e-mail and the documents attached are >>> confidential and intended solely for the addressee; it may also be >>> privileged. If you receive this e-mail in error, please notify the >>> sender immediately and destroy it. As its integrity cannot be >>> secured on the Internet, Atos’ liability cannot be triggered for the >>> message content. Although the sender endeavours to maintain a >>> computer virus-free network, the sender does not warrant that this >>> transmission is virus-free and will not be liable for any damages >>> resulting from any virus transmitted. On all offers and agreements >>> under which Atos Nederland B.V. supplies goods and/or services of >>> whatever nature, the Terms of Delivery from Atos Nederland B.V. exclusively >>> apply. >>> The Terms of Delivery shall be promptly submitted to you on your request. >>> >> >> ---------------------------------------------------------------------- >> For LINUX-390 subscribe / signoff / archive access instructions, send >> email to lists...@vm.marist.edu with the message: INFO LINUX-390 or >> visit >> http://www.marist.edu/htbin/wlvindex?LINUX-390 >> ---------------------------------------------------------------------- >> For more information on Linux on System z, visit >> http://wiki.linuxvm.org/ This e-mail and the documents attached are >> confidential and intended solely for the addressee; it may also be >> privileged. If you receive this e-mail in error, please notify the >> sender immediately and destroy it. As its integrity cannot be secured >> on the Internet, Atos’ liability cannot be triggered for the message >> content. Although the sender endeavours to maintain a computer >> virus-free network, the sender does not warrant that this transmission >> is virus-free and will not be liable for any damages resulting from >> any virus transmitted. On all offers and agreements under which Atos >> Nederland B.V. supplies goods and/or services of whatever nature, the Terms >> of Delivery from Atos Nederland B.V. exclusively apply. >> The Terms of Delivery shall be promptly submitted to you on your request. >> > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, send email > to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit http://wiki.linuxvm.org/ > This e-mail and the documents attached are confidential and intended solely > for the addressee; it may also be privileged. If you receive this e-mail in > error, please notify the sender immediately and destroy it. As its integrity > cannot be secured on the Internet, Atos’ liability cannot be triggered for > the message content. Although the sender endeavours to maintain a computer > virus-free network, the sender does not warrant that this transmission is > virus-free and will not be liable for any damages resulting from any virus > transmitted. On all offers and agreements under which Atos Nederland B.V. > supplies goods and/or services of whatever nature, the Terms of Delivery from > Atos Nederland B.V. exclusively apply. The Terms of Delivery shall be > promptly submitted to you on your request. > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
