Re: SSH Daemon failing
On Mon, Feb 25, 2002 at 04:51:54PM +1100, Andrew Tait wrote:
> It appears to run fine to begin with, loading libraries and reading config
> files, these are the last few lines. It tries to fork, and then just dies.
>
> read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 672) = 672
> _llseek(3, 0, [0], SEEK_SET)= 0
> fcntl64(3, F_GETFL) = 0x8000 (flags
> O_RDONLY|O_LARGEFILE)
> fstat64(3, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
> old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> = 0x40016000
> _llseek(3, 0, [0], SEEK_CUR)= 0
> read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 4096) = 672
> close(3)= 0
> munmap(0x40016000, 4096)= 0
> fork() = 451
> --- SIGCHLD (Child exited) ---
> _exit(0)
Try running it under strace -f (or -F) to see what the child does before
it dies.
Marcin
--
Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
Re: SSH Daemon failing
On Mon, Feb 25, 2002 at 04:51:54PM +1100, Andrew Tait wrote:
> It appears to run fine to begin with, loading libraries and reading config
> files, these are the last few lines. It tries to fork, and then just dies.
>
> read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 672) = 672
> _llseek(3, 0, [0], SEEK_SET)= 0
> fcntl64(3, F_GETFL) = 0x8000 (flags
> O_RDONLY|O_LARGEFILE)
> fstat64(3, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
> old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> = 0x40016000
> _llseek(3, 0, [0], SEEK_CUR)= 0
> read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 4096) = 672
> close(3)= 0
> munmap(0x40016000, 4096)= 0
> fork() = 451
> --- SIGCHLD (Child exited) ---
> _exit(0)
Try running it under strace -f (or -F) to see what the child does before
it dies.
Marcin
--
Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSH Daemon failing
It appears to run fine to begin with, loading libraries and reading config
files, these are the last few lines. It tries to fork, and then just dies.
read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 672) = 672
_llseek(3, 0, [0], SEEK_SET)= 0
fcntl64(3, F_GETFL) = 0x8000 (flags
O_RDONLY|O_LARGEFILE)
fstat64(3, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40016000
_llseek(3, 0, [0], SEEK_CUR)= 0
read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 4096) = 672
close(3)= 0
munmap(0x40016000, 4096)= 0
fork() = 451
--- SIGCHLD (Child exited) ---
_exit(0)
On a box where SSH is working
fstat(3, {st_mode=S_IFREG|0600, st_size=668, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40016000
_llseek(3, 0, [0], SEEK_CUR)= 0
read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 4096) = 668
close(3)= 0
munmap(0x40016000, 4096)= 0
fork() = 6632
_exit(0)= ?
Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874
"It's the smell! If there is such a thing." Agent Smith - The Matrix
- Original Message -
From: "Jean-Francois Dive" <[EMAIL PROTECTED]>
To: "Andrew Tait" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, February 25, 2002 4:24 PM
Subject: Re: SSH Daemon failing
> strace it to see what's in there , could be meaningfull..
>
> JeF
>
> On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote:
> > Hi All,
> >
> > A few days ago SSH just failed on me, out of the blue.
> >
> > Everytime I start ssh (/etc/init.d/ssh start), this appears in the
auth.log
> > file:
> >
> > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success
> >
> > I can run ssh in debug mode (sshd -d) or by telling it not to detach
> > (sshd -D) and it runs fine. It just when it tried to daemonise itself
that
> > it fails, as you can see by the log files. Other processes such as
syslogd
> > start/stop fine.
> >
> > Any suggestions?
> >
> > Andrew Tait
> > System Administrator
> > Country NetLink Pty, Ltd
> > E-Mail: [EMAIL PROTECTED]
> > WWW: http://www.cnl.com.au
> > 30 Bank St Cobram, VIC 3644, Australia
> > Ph: +61 (03) 58 711 000
> > Fax: +61 (03) 58 711 874
> >
> > "It's the smell! If there is such a thing." Agent Smith - The Matrix
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
> >
>
> --
> -> Jean-Francois Dive
> --> [EMAIL PROTECTED]
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
>
>
Re: SSH Daemon failing
strace it to see what's in there , could be meaningfull.. JeF On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote: > Hi All, > > A few days ago SSH just failed on me, out of the blue. > > Everytime I start ssh (/etc/init.d/ssh start), this appears in the auth.log > file: > > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success > > I can run ssh in debug mode (sshd -d) or by telling it not to detach > (sshd -D) and it runs fine. It just when it tried to daemonise itself that > it fails, as you can see by the log files. Other processes such as syslogd > start/stop fine. > > Any suggestions? > > Andrew Tait > System Administrator > Country NetLink Pty, Ltd > E-Mail: [EMAIL PROTECTED] > WWW: http://www.cnl.com.au > 30 Bank St Cobram, VIC 3644, Australia > Ph: +61 (03) 58 711 000 > Fax: +61 (03) 58 711 874 > > "It's the smell! If there is such a thing." Agent Smith - The Matrix > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- -> Jean-Francois Dive --> [EMAIL PROTECTED]
Re: SSH Daemon failing
That only affects the SSH client, the problem I am having is with the SSH server. Andrew Tait System Administrator Country NetLink Pty, Ltd E-Mail: [EMAIL PROTECTED] WWW: http://www.cnl.com.au 30 Bank St Cobram, VIC 3644, Australia Ph: +61 (03) 58 711 000 Fax: +61 (03) 58 711 874 "It's the smell! If there is such a thing." Agent Smith - The Matrix - Original Message - From: "Donovan Baarda" <[EMAIL PROTECTED]> To: "Andrew Tait" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; Sent: Monday, February 25, 2002 4:10 PM Subject: Re: SSH Daemon failing > On Mon, Feb 25, 2002 at 03:52:24PM +1100, Andrew Tait wrote: > > The machine is running woody and is up to date, SSH version 3.0.2p1-6. > > > > I have already tried purging the package and downloading it again (will > > check the MD5 sums afterward to make sure). > > It might have something to do with running ssh without suid-root set... > > run "dpkg-reconfigure ssh" and turn on suid root when the option comes up. > > > -- > -- > ABO: finger [EMAIL PROTECTED] for more info, including pgp key > -- >
Re: SSH Daemon failing
On Mon, Feb 25, 2002 at 03:52:24PM +1100, Andrew Tait wrote: > The machine is running woody and is up to date, SSH version 3.0.2p1-6. > > I have already tried purging the package and downloading it again (will > check the MD5 sums afterward to make sure). It might have something to do with running ssh without suid-root set... run "dpkg-reconfigure ssh" and turn on suid root when the option comes up. -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key --
Re: SSH Daemon failing
The machine is running woody and is up to date, SSH version 3.0.2p1-6. I have already tried purging the package and downloading it again (will check the MD5 sums afterward to make sure). Andrew Tait System Administrator Country NetLink Pty, Ltd E-Mail: [EMAIL PROTECTED] WWW: http://www.cnl.com.au 30 Bank St Cobram, VIC 3644, Australia Ph: +61 (03) 58 711 000 Fax: +61 (03) 58 711 874 "It's the smell! If there is such a thing." Agent Smith - The Matrix - Original Message - From: <[EMAIL PROTECTED]> To: "Andrew Tait" <[EMAIL PROTECTED]> Cc: Sent: Monday, February 25, 2002 3:36 PM Subject: Re: SSH Daemon failing > On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote: > > Hi All, > > > > A few days ago SSH just failed on me, out of the blue. > > > > Everytime I start ssh (/etc/init.d/ssh start), this appears in the auth.log > > file: > > > > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success > > > > I can run ssh in debug mode (sshd -d) or by telling it not to detach > > (sshd -D) and it runs fine. It just when it tried to daemonise itself that > > it fails, as you can see by the log files. Other processes such as syslogd > > start/stop fine. > > > > Any suggestions? > > What version of ssh? If you have a machine with the exact same sshd > binary, compare the md5sums. If you were running ssh v1, you may have been > hacked, and a trojaned sshd installed. > > Tim > > -- > > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>> Tim Sailer (at home) >< Coastal Internet,Inc. << >>> Network and Systems Operations >< PO Box 671 << >>> http://www.buoy.com >< Ridge, NY 11961 << >>> [EMAIL PROTECTED]/[EMAIL PROTECTED] >< (631)924-3728 (888) > 924-3728 << > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >
Re: SSH Daemon failing
On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote: > Hi All, > > A few days ago SSH just failed on me, out of the blue. > > Everytime I start ssh (/etc/init.d/ssh start), this appears in the auth.log > file: > > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success > > I can run ssh in debug mode (sshd -d) or by telling it not to detach > (sshd -D) and it runs fine. It just when it tried to daemonise itself that > it fails, as you can see by the log files. Other processes such as syslogd > start/stop fine. > > Any suggestions? What version of ssh? If you have a machine with the exact same sshd binary, compare the md5sums. If you were running ssh v1, you may have been hacked, and a trojaned sshd installed. Tim -- >< >> Tim Sailer (at home) >< Coastal Internet,Inc. << >> Network and Systems Operations >< PO Box 671 << >> http://www.buoy.com >< Ridge, NY 11961 << >> [EMAIL PROTECTED]/[EMAIL PROTECTED] >< (631)924-3728 (888) 924-3728 << ><
Re: SSH Daemon failing
It appears to run fine to begin with, loading libraries and reading config
files, these are the last few lines. It tries to fork, and then just dies.
read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 672) = 672
_llseek(3, 0, [0], SEEK_SET)= 0
fcntl64(3, F_GETFL) = 0x8000 (flags
O_RDONLY|O_LARGEFILE)
fstat64(3, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40016000
_llseek(3, 0, [0], SEEK_CUR)= 0
read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 4096) = 672
close(3)= 0
munmap(0x40016000, 4096)= 0
fork() = 451
--- SIGCHLD (Child exited) ---
_exit(0)
On a box where SSH is working
fstat(3, {st_mode=S_IFREG|0600, st_size=668, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40016000
_llseek(3, 0, [0], SEEK_CUR)= 0
read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 4096) = 668
close(3)= 0
munmap(0x40016000, 4096)= 0
fork() = 6632
_exit(0)= ?
Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874
"It's the smell! If there is such a thing." Agent Smith - The Matrix
- Original Message -
From: "Jean-Francois Dive" <[EMAIL PROTECTED]>
To: "Andrew Tait" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, February 25, 2002 4:24 PM
Subject: Re: SSH Daemon failing
> strace it to see what's in there , could be meaningfull..
>
> JeF
>
> On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote:
> > Hi All,
> >
> > A few days ago SSH just failed on me, out of the blue.
> >
> > Everytime I start ssh (/etc/init.d/ssh start), this appears in the
auth.log
> > file:
> >
> > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success
> >
> > I can run ssh in debug mode (sshd -d) or by telling it not to detach
> > (sshd -D) and it runs fine. It just when it tried to daemonise itself
that
> > it fails, as you can see by the log files. Other processes such as
syslogd
> > start/stop fine.
> >
> > Any suggestions?
> >
> > Andrew Tait
> > System Administrator
> > Country NetLink Pty, Ltd
> > E-Mail: [EMAIL PROTECTED]
> > WWW: http://www.cnl.com.au
> > 30 Bank St Cobram, VIC 3644, Australia
> > Ph: +61 (03) 58 711 000
> > Fax: +61 (03) 58 711 874
> >
> > "It's the smell! If there is such a thing." Agent Smith - The Matrix
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
> >
>
> --
> -> Jean-Francois Dive
> --> [EMAIL PROTECTED]
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
>
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSH Daemon failing
strace it to see what's in there , could be meaningfull.. JeF On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote: > Hi All, > > A few days ago SSH just failed on me, out of the blue. > > Everytime I start ssh (/etc/init.d/ssh start), this appears in the auth.log > file: > > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success > > I can run ssh in debug mode (sshd -d) or by telling it not to detach > (sshd -D) and it runs fine. It just when it tried to daemonise itself that > it fails, as you can see by the log files. Other processes such as syslogd > start/stop fine. > > Any suggestions? > > Andrew Tait > System Administrator > Country NetLink Pty, Ltd > E-Mail: [EMAIL PROTECTED] > WWW: http://www.cnl.com.au > 30 Bank St Cobram, VIC 3644, Australia > Ph: +61 (03) 58 711 000 > Fax: +61 (03) 58 711 874 > > "It's the smell! If there is such a thing." Agent Smith - The Matrix > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- -> Jean-Francois Dive --> [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSH Daemon failing
That only affects the SSH client, the problem I am having is with the SSH server. Andrew Tait System Administrator Country NetLink Pty, Ltd E-Mail: [EMAIL PROTECTED] WWW: http://www.cnl.com.au 30 Bank St Cobram, VIC 3644, Australia Ph: +61 (03) 58 711 000 Fax: +61 (03) 58 711 874 "It's the smell! If there is such a thing." Agent Smith - The Matrix - Original Message - From: "Donovan Baarda" <[EMAIL PROTECTED]> To: "Andrew Tait" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, February 25, 2002 4:10 PM Subject: Re: SSH Daemon failing > On Mon, Feb 25, 2002 at 03:52:24PM +1100, Andrew Tait wrote: > > The machine is running woody and is up to date, SSH version 3.0.2p1-6. > > > > I have already tried purging the package and downloading it again (will > > check the MD5 sums afterward to make sure). > > It might have something to do with running ssh without suid-root set... > > run "dpkg-reconfigure ssh" and turn on suid root when the option comes up. > > > -- > -- > ABO: finger [EMAIL PROTECTED] for more info, including pgp key > -- > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSH Daemon failing
On Mon, Feb 25, 2002 at 03:52:24PM +1100, Andrew Tait wrote: > The machine is running woody and is up to date, SSH version 3.0.2p1-6. > > I have already tried purging the package and downloading it again (will > check the MD5 sums afterward to make sure). It might have something to do with running ssh without suid-root set... run "dpkg-reconfigure ssh" and turn on suid root when the option comes up. -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSH Daemon failing
The machine is running woody and is up to date, SSH version 3.0.2p1-6. I have already tried purging the package and downloading it again (will check the MD5 sums afterward to make sure). Andrew Tait System Administrator Country NetLink Pty, Ltd E-Mail: [EMAIL PROTECTED] WWW: http://www.cnl.com.au 30 Bank St Cobram, VIC 3644, Australia Ph: +61 (03) 58 711 000 Fax: +61 (03) 58 711 874 "It's the smell! If there is such a thing." Agent Smith - The Matrix - Original Message - From: <[EMAIL PROTECTED]> To: "Andrew Tait" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, February 25, 2002 3:36 PM Subject: Re: SSH Daemon failing > On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote: > > Hi All, > > > > A few days ago SSH just failed on me, out of the blue. > > > > Everytime I start ssh (/etc/init.d/ssh start), this appears in the auth.log > > file: > > > > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success > > > > I can run ssh in debug mode (sshd -d) or by telling it not to detach > > (sshd -D) and it runs fine. It just when it tried to daemonise itself that > > it fails, as you can see by the log files. Other processes such as syslogd > > start/stop fine. > > > > Any suggestions? > > What version of ssh? If you have a machine with the exact same sshd > binary, compare the md5sums. If you were running ssh v1, you may have been > hacked, and a trojaned sshd installed. > > Tim > > -- > > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>> Tim Sailer (at home) >< Coastal Internet,Inc. << >>> Network and Systems Operations >< PO Box 671 << >>> http://www.buoy.com >< Ridge, NY 11961 << >>> [EMAIL PROTECTED][EMAIL PROTECTED] >< (631)924-3728 (888) 924-3728 << > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSH Daemon failing
On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote: > Hi All, > > A few days ago SSH just failed on me, out of the blue. > > Everytime I start ssh (/etc/init.d/ssh start), this appears in the auth.log > file: > > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success > > I can run ssh in debug mode (sshd -d) or by telling it not to detach > (sshd -D) and it runs fine. It just when it tried to daemonise itself that > it fails, as you can see by the log files. Other processes such as syslogd > start/stop fine. > > Any suggestions? What version of ssh? If you have a machine with the exact same sshd binary, compare the md5sums. If you were running ssh v1, you may have been hacked, and a trojaned sshd installed. Tim -- >< >> Tim Sailer (at home) >< Coastal Internet,Inc. << >> Network and Systems Operations >< PO Box 671 << >> http://www.buoy.com >< Ridge, NY 11961 << >> [EMAIL PROTECTED][EMAIL PROTECTED] >< (631)924-3728 (888) 924-3728 << >< -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
