LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices

Reply
 
Search this Thread
Old 08-16-2011, 06:08 PM   #1
lilmike
Member
 
Registered: Nov 2009
Location: Baton Rouge, Louisiana
Distribution: Ubuntu
Posts: 56

Rep: Reputation: 15
Unhappy ssh no longer works after upgrade from ubuntu 10.10 server to 11.04


Hi,
I upgraded to ubuntu server 11.04 a while back, and ever since then the ssh does not work. For example, if I try to log in it seems to take my credentials but immediately kicks me off. Further looking in the log shows pam_open_session() module is unknown. I do remember it asking to upgrade some /etc/security/something.conf file, so maybe that has something to do with it. I have no clue how to fix this, and for now I'm stuck using my host's out of band access (and no sftp or scp either). Any help is appreciated.
Thanks,
-Michael.
 
Old 08-16-2011, 06:14 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Moved: This thread is more suitable in Ubuntu and has been moved accordingly to help your question get the exposure it deserves.
 
Old 08-16-2011, 06:22 PM   #3
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
From the pam_open_session manpage:
Quote:
The pam_open_session function sets up a user session for a previously successful authenticated user.
I don't think you have the full picture. Provide more information on how you are logging in? Are you trying to log into you regular user account? Do you use public key authentication?

Try logging in using the -vv option to provide better debugging messages on the client side. It will show messages from both the client and the server.
 
Old 08-17-2011, 11:35 AM   #4
lilmike
Member
 
Registered: Nov 2009
Location: Baton Rouge, Louisiana
Distribution: Ubuntu
Posts: 56

Original Poster
Rep: Reputation: 15
Hi,
To answer your questions:
I am using simply user/password authentication, and I am logging into a user account I could access since I created the server (until this upgrade).
I will try using the option you mention (if I can figure out how to get it working ) and let you know what happens.
Thanks,
-Michael.
 
Old 08-18-2011, 10:29 PM   #5
lilmike
Member
 
Registered: Nov 2009
Location: Baton Rouge, Louisiana
Distribution: Ubuntu
Posts: 56

Original Poster
Rep: Reputation: 15
Hi,
As requested, here is the output from ssh -vv (with output sensored to protect my server ).
Quote:
OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to mydomain.com [w.x.y.z] port 22.
debug1: Connection established.
debug1: identity file /home/somebody/.ssh/id_rsa type -1
debug1: identity file /home/somebody/.ssh/id_rsa-cert type -1
debug1: identity file /home/somebody/.ssh/id_dsa type -1
debug1: identity file /home/somebody/.ssh/id_dsa-cert type -1
debug1: identity file /home/somebody/.ssh/id_ecdsa type -1
debug1: identity file /home/somebody/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3
debug1: match: OpenSSH_5.8p1 Debian-1ubuntu3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa...00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA c9:e2:87:53:b1:1b:8b:39:d1:3b:5f:eb:15:82:26:e0
debug1: Host 'mydomain.com' is known and matches the RSA host key.
debug1: Found key in /home/somebody/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/somebody/.ssh/id_rsa ((nil))
debug2: key: /home/somebody/.ssh/id_dsa ((nil))
debug2: key: /home/somebody/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/somebody/.ssh/id_rsa
debug1: Trying private key: /home/somebody/.ssh/id_dsa
debug1: Trying private key: /home/somebody/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to mydomain.com ([w.x.y.z]:22).
debug2: fd 5 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: fd 3 setting TCP_NODELAY
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 11.04 (GNU/Linux 2.6.39.1-linode34 i686)

* Documentation: https://help.ubuntu.com/
You have new mail.
Last login: Thu Aug 18 22:17:15 2011 from li59-247.members.linode.com debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 1 clearing O_NONBLOCK
Connection to mydomain.com closed.
Transferred: sent 2008, received 2056 bytes, in 0.1 seconds
Bytes per second: sent 23840.9, received 24410.8
debug1: Exit status 254
Hope someone can help.
-Michael.
 
Old 08-24-2011, 03:40 AM   #6
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
The SSH connection is being established. You are even getting the 'issue' message. Could you check the kernel messages at the same time on the server? A failure with PAM may post a message there. Also look in /etc/security/ and the PAM config files for files with .new at the end which sometimes indicate recommended changes after a package is updated, but the old one may contain lines you need to retain.

I had a problem with SSH after installing a new version of openSuSE. I needed to precede the a path in sshd_config with %h/ that I hadn't need before.

Entering a portion of your error message exactly, inside double quotes, in a Google search may return results useful in finding a solution.
 
Old 08-29-2011, 09:02 PM   #7
lilmike
Member
 
Registered: Nov 2009
Location: Baton Rouge, Louisiana
Distribution: Ubuntu
Posts: 56

Original Poster
Rep: Reputation: 15
Hi,
I looked in many places, including /var/log/syslog, /var/log/kern.log, /var/log/auth.log, and a couple others. i found nothing more noticable than I found before, namely that pam says "pam_open_session(), module is unknown")
Thanks,
-Michael.
 
Old 09-03-2011, 07:00 AM   #8
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
I looked in the manpage for "pam_open_session". It is a function and not a module. You might want to check your pam configuration and make sure you have all your files. Could you post your common-session and sshd files in /etc/pam.d/?

Start with the sshd file. Make sure you have the .so files mentioned in /etc/security.
For example:
Code:
#%PAM-1.0
auth     requisite      pam_nologin.so
auth     include        common-auth
account  requisite      pam_nologin.so
account  include        common-account
password include        common-password
session  required       pam_loginuid.so
session  include        common-session
session  optional       pam_lastlog.so   silent noupdate showfailed
In this example, the pam modules pam_nologin.so, pam_loginuid.so and pam_lastlog.so are used. The common-auth, common-account, common-password and common-session files are pam config files in /etc/pam.d/ that may also use different pam modules.

Last edited by jschiwal; 09-03-2011 at 07:06 AM.
 
Old 09-04-2011, 02:43 PM   #9
lilmike
Member
 
Registered: Nov 2009
Location: Baton Rouge, Louisiana
Distribution: Ubuntu
Posts: 56

Original Poster
Rep: Reputation: 15
Hi,
If you mean that the *.so files mentioned in /etc/pam.d/sshd should be in the directory /etc/security/, there are absolutely no *.so files there. I also looked in /lib/security, and there was only pam_mysql.so in there.
Thanks,
-Michael.
 
Old 09-07-2011, 01:28 AM   #10
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
The pam .so libraries are in /lib/security or /lib64/security.
 
Old 09-08-2011, 05:40 PM   #11
lilmike
Member
 
Registered: Nov 2009
Location: Baton Rouge, Louisiana
Distribution: Ubuntu
Posts: 56

Original Poster
Rep: Reputation: 15
Hi,
I looked in /lib/security and all that is there with a .so extension is pam-mysql.so. I don't see anything listed in sshd there. As for lib64/security, it doesn't even exist (I am running a 32 version of ubuntu, however).
Hth,
-Michael.
 
Old 09-08-2011, 08:33 PM   #12
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Check your package manager to see what files should be supplied with the base PAM packages. The pam_unix2 module should be supplied. It's one that is always used to log in as far as I know.

Last edited by jschiwal; 09-13-2011 at 12:57 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HALD no longer works after Slack 12.2 upgrade jeffnik Slackware 6 01-14-2009 09:51 PM
Radeon driver no longer works after Fedora upgrade windowful Linux - Hardware 1 10-23-2007 07:47 AM
dual screen no longer works after FC6 upgrade DJOtaku Fedora 1 11-08-2006 08:14 PM
3ddesktop after apt-get upgrade no longer works with this error ... Outabux Debian 3 12-17-2004 09:59 AM
sftp no longer works, but ssh still does. muxman Linux - Software 0 05-19-2004 06:09 AM


All times are GMT -5. The time now is 10:19 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration