2016-05-27 8:57 GMT-04:00 Grzegorz Powiedziuk <gpowiedz...@gmail.com>:
> One other thing you could try (saved me many times) but a bit trouble some > is doing some stracing. > > 1. ssh to the user@server and let it sit on the login > 2. on the server, do ps auxwww |grep sshd and look for a new spawned > process > > [root@localhost ~]# ps auxwww |grep sshd |grep gpow > root 36195 0.0 1.7 150104 8324 ? Ss 08:50 0:00 sshd: > gpowiedziuk [priv] > sshd 36196 0.0 1.2 87072 5908 ? S 08:50 0:00 sshd: > gpowiedziuk [net] > > In my case the first, one owned by root was the one that had all the > interesting stuff in it so I did > > 3. strace -p 36203 &> logfile.x > > 4. on the login prompt, provide password and wait until it exits > > 5. Now examine the the trace by looking at the logile.x (it will be a > big file). > > > somhowe my gmail decided to send the email before I was finished In the trace you will see some some interesting stuff .. including password :) But anyway, grep that file for "open". I would say that what matters most. Look closely which files are being opened. Start checking those files for configuration errors, starting from last opened. Gregory ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
