ssh login dies

derek23 · 07-11-2002, 12:45 PM

Being an OSX Server admin and Mac lab manager for NU, I use many differnet OS X machines at work and at home. Every once and awhile, and I have noticed this on a few different machines (server and client) from time to time, the ssh authentication procedure chokes. The port is listening; i get the login prompt but my password is denied (yes the correct account name is before the @server/ip). Making a new test account remotely with Server Admin.app gets denied to so it's not one account that's the issue. Unchecking then rechecking the "Allow Remote Login" fixes it but I want to know why this is happening because it if happens on a remote machine w/out webmin installed I have no way of restarting the computer/ sshd and getting in.

<rant>
On this note, I undertstand that OSX Server is simply OS X client with Server Admin and some extra utilities and-sorry to be redundant-that client has no Server Admin.app. But it annoys the hell out of me that stopping and starting sshd via the GUI is done in the Sharing System Pref which I cannot get into/use remotely like I can Server Admin.app.

If I could restart sshd in Server Admin this issue wouldn't be such a big deal.
</rant>

Yeah, I know just make sure webmin is installed, but still I am curious about this. my linux boxes never do it.

Has any one else noticed this? Thoughts? Hunches?

TIA

Derek Hall

blb · 07-11-2002, 03:40 PM

When this problem occurs, do you see something to the effect of illegal user <username> in /var/log/system.log? If so, it's something I've seen (rarely) and I think has been seen by a few others. Unfortunately, it's appearance is intermittent at best, and I've been unable to track it down.

derek23 · 07-11-2002, 03:50 PM

Thanks for your reply.

Not sure, I can look on my box at home, the one presently denying me, when I get there.

Does this behavior you reference happen to all accounts when it is happening to one? Cause I cannot ssh in with any account, admin or otherwise, when this occurs. Again, I remotely made a new simple user account with a simple password and set a login shell and still got denied.

"Sorry, try again" like when you mistype your password.

derek23 · 07-11-2002, 05:09 PM

Ok one of my servers here at work, which coincidentally did the same thing this morning and I fixed earlier by restarting sshd in the GUI, appears to have what you referenced in System.log:

Jul 11 09:58:51 jerry sshd[1410]: Failed password for illegal user admin from 12
9.105.188.58 port 49182 ssh2

And what's more this server at work suddenly stopped letting me in again in the same fashion only a few hours after i "fixed" it. I rebooted the machine (not just sshd) and it lets me back in. We'll see for how much longer...

D

blb · 07-11-2002, 08:42 PM

The couple of times I've seen it, it disallows my user (with admin privs) as well as root. My current working theory is it (sshd) loses its connection to lookupd, and can no longer figure out who anyone is.

Haven't had it happen lately, though. Not sure if that's just part of its intermittent behavior or what (I do have the latest ssh from Apple, 3.4p1).

derek23 · 07-12-2002, 10:05 AM

Yeah I ran top on the server at home and sshd was listed but stalled. The time field wasn't even updating.

Not that this tells us anything really but I tohught I'd mention it.

cadder · 08-06-2002, 04:00 PM

I posted a question about this type of behavior a few weeks back. What happens for me is that whenever lookupd dies (which happens all too frequently) every application that requires authentication fails to properly authenticate. I've noticed it with SSH, FTP, and even the OS.

After I restart lookupd, I get full network functionality again, but the applications won't properly authenticate until I've restarted them.

SSH and FTP will work after I kill the daemons and restart them, but the real pisser is the OS itself. I can relaunch the Finder after lookupd has restarted, but I still can't properly authenticate to application installers or Software Update. In fact, Software Update won't even run until I completely reboot the system.

My suggestion for remote critical systems is to run a process monitor that will automatically restart lookupd first, and then the individual daemons as needed.

Hope that helps.

- AB

07-11-2002, 12:45 PM	#1
derek23 Prospect Join Date: Jul 2002 Location: Chicago, IL Posts: 4	ssh login dies Being an OSX Server admin and Mac lab manager for NU, I use many differnet OS X machines at work and at home. Every once and awhile, and I have noticed this on a few different machines (server and client) from time to time, the ssh authentication procedure chokes. The port is listening; i get the login prompt but my password is denied (yes the correct account name is before the @server/ip). Making a new test account remotely with Server Admin.app gets denied to so it's not one account that's the issue. Unchecking then rechecking the "Allow Remote Login" fixes it but I want to know why this is happening because it if happens on a remote machine w/out webmin installed I have no way of restarting the computer/ sshd and getting in. <rant> On this note, I undertstand that OSX Server is simply OS X client with Server Admin and some extra utilities and-sorry to be redundant-that client has no Server Admin.app. But it annoys the hell out of me that stopping and starting sshd via the GUI is done in the Sharing System Pref which I cannot get into/use remotely like I can Server Admin.app. If I could restart sshd in Server Admin this issue wouldn't be such a big deal. </rant> Yeah, I know just make sure webmin is installed, but still I am curious about this. my linux boxes never do it. Has any one else noticed this? Thoughts? Hunches? TIA Derek Hall

08-06-2002, 04:00 PM	#7
cadder Prospect Join Date: Jan 2002 Location: NYC Posts: 20	Me Too I posted a question about this type of behavior a few weeks back. What happens for me is that whenever lookupd dies (which happens all too frequently) every application that requires authentication fails to properly authenticate. I've noticed it with SSH, FTP, and even the OS. After I restart lookupd, I get full network functionality again, but the applications won't properly authenticate until I've restarted them. SSH and FTP will work after I kill the daemons and restart them, but the real pisser is the OS itself. I can relaunch the Finder after lookupd has restarted, but I still can't properly authenticate to application installers or Software Update. In fact, Software Update won't even run until I completely reboot the system. My suggestion for remote critical systems is to run a process monitor that will automatically restart lookupd first, and then the individual daemons as needed. Hope that helps. - AB

07-11-2002, 03:40 PM	#2
blb All Star Join Date: Jan 2002 Location: CO, USA Posts: 908	When this problem occurs, do you see something to the effect of illegal user <username> in /var/log/system.log? If so, it's something I've seen (rarely) and I think has been seen by a few others. Unfortunately, it's appearance is intermittent at best, and I've been unable to track it down.

07-11-2002, 03:50 PM	#3
derek23 Prospect Join Date: Jul 2002 Location: Chicago, IL Posts: 4	Thanks for your reply. Not sure, I can look on my box at home, the one presently denying me, when I get there. Does this behavior you reference happen to all accounts when it is happening to one? Cause I cannot ssh in with any account, admin or otherwise, when this occurs. Again, I remotely made a new simple user account with a simple password and set a login shell and still got denied. "Sorry, try again" like when you mistype your password.

07-11-2002, 05:09 PM	#4
derek23 Prospect Join Date: Jul 2002 Location: Chicago, IL Posts: 4	Ok one of my servers here at work, which coincidentally did the same thing this morning and I fixed earlier by restarting sshd in the GUI, appears to have what you referenced in System.log: Jul 11 09:58:51 jerry sshd[1410]: Failed password for illegal user admin from 12 9.105.188.58 port 49182 ssh2 And what's more this server at work suddenly stopped letting me in again in the same fashion only a few hours after i "fixed" it. I rebooted the machine (not just sshd) and it lets me back in. We'll see for how much longer... D

07-11-2002, 08:42 PM	#5
blb All Star Join Date: Jan 2002 Location: CO, USA Posts: 908	The couple of times I've seen it, it disallows my user (with admin privs) as well as root. My current working theory is it (sshd) loses its connection to lookupd, and can no longer figure out who anyone is. Haven't had it happen lately, though. Not sure if that's just part of its intermittent behavior or what (I do have the latest ssh from Apple, 3.4p1).

07-12-2002, 10:05 AM	#6
derek23 Prospect Join Date: Jul 2002 Location: Chicago, IL Posts: 4	Yeah I ran top on the server at home and sshd was listed but stalled. The time field wasn't even updating. Not that this tells us anything really but I tohught I'd mention it.