Date: Thu, 25 Jul 2002 21:30:23 +0100
From: Matthew Seaman
To: Clifford Chu
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: My SSH broke

On Thu, Jul 25, 2002 at 11:26:58AM -0700, Clifford Chu wrote:

> Now my SSH is broken. At first when connecting from a client, I got a server
> console message that said --no modules loaded for sshd service; fatal: PAM
> session setup failed(6); permission denied. So I
> looked into pam.conf and added:
> sshd auth required pam_ssh.so try_first_pass
> which silenced the console error messages.

Well, unless you've got some customised PAM stuff, I think you should
probably replace your /etc/pam.conf with the one from the 4.6 release
CD. You should be able to copy it right off the live filesystem disk,
or you can download it from:

    http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/Attic/pam.conf?rev=1.6.2.13&content-type=text/x-cvsweb-markup&only_with_tag=RELENG_4_6_0_RELEASE

You should also look into updating /etc/ssh/sshd_config, which you can
get from your installation media or you can download it here:

    http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/sshd_config?rev=1.4.2.8&content-type=text/x-cvsweb-markup&only_with_tag=RELENG_4_6_0_RELEASE

If you're still having problems after doing that, a good trick is to
run the sshd server with debug flags on an alternate port --- sshd
will often be more informative than ssh about why it's refusing to
authenticate. In one window, run (as root):

    sshd -D -d -d -d -p 24

then in another window run:

    ssh -p 24 -v -v -v localhost

(where 24 is just an arbitrary choice of port number that most systems
don't have anything listening on. Pick a different port if
necessary). Because of the -D flag, the sshd process won't daemonize
and it will quit once the ssh process has finished.

> So it appears that authentication is the hangup. Server logs show nothing
> after my change to pam.conf. But it had worked fine before. I've searched
> the maillist archives but didn't find anything. Where did I go wrong? Thanks
> for your help.

Yes. Doing an upgrade from the CD Roms can be a bit fraught. The
process will upgrade all the binaries and so forth perfectly well, but
its handling of your configuration files --- essentially anything in
/etc --- leaves quite a bit to be desired. What you may end up having
to do is a file by file comparison of a standard /etc directory from a
4.6 CD with your own /etc directory and then try to do some sort of
manual merge of any significant changes.
It can often be a lot easier just to do a fresh install over the top
of your current system, and then add back in the customisations you've
made over time. If you can remember what they are.

What I personally find to be the easiest and smoothest way of getting
a system up to date is to go the whole cvsup, buildworld/installworld
route. Sure, it may sound daunting to the novice and it takes time to
download the sources and it takes disk space and CPU cycles to compile
it all, but the whole thing is really a lot easier than it sounds. It's
only about half a dozen commands plus running mergemaster(8) --- and
mergemaster is really the key to successful upgrading. In my humble
opinion, a lot easier than doing a binary upgrade.

Look at

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

for detailed instructions, and look at

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html

for everything you ever wanted to know about cvsup, but were afraid to
ask.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.       26 The Paddocks
                                      Savill Way
Tel: +44 1628 476614                  Marlow
Fax: +44 0870 0522645                 Bucks., SL7 1TH UK
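
Added example, not part of the original message: the console error quoted in the thread names session setup, while the line added to pam.conf is of type auth. This sh script lists which PAM module types have no entry for a service in a pam.conf-style file, counting an entry under the `other` service as a fallback (an assumption about the PAM library in use). The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the PAM module types a service lacks in a
# pam.conf-style file (fields: service type control module [args]).

# pam_types FILE SERVICE
# Print the module types configured for SERVICE, or for the fallback
# service "other" (treating "other" as a fallback is an assumption).
pam_types() {
    awk -v svc="$2" '
        NF < 4 || $1 ~ /^#/ { next }          # blank, short or comment lines
        { s = tolower($1) }
        s == svc || s == "other" { print tolower($2) }
    ' "$1" | sort -u | tr '\n' ' '
}

# pam_missing FILE SERVICE
# Print the module types that have no entry at all for SERVICE.
pam_missing() {
    have=" $(pam_types "$1" "$2")"
    missing=""
    for t in auth account session password; do
        case "$have" in
            *" $t "*) ;;                      # at least one module of type t
            *) missing="$missing $t" ;;
        esac
    done
    echo "${missing# }"
}

# Constructed sample: sshd has only the single auth line quoted in the
# thread; "login" is an unrelated service included for comparison.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not a real /etc/pam.conf
login   auth     required  pam_unix.so
login   session  required  pam_permit.so
sshd    auth     required  pam_ssh.so  try_first_pass
EOF

echo "sshd lacks:  $(pam_missing "$sample" sshd)"
echo "login lacks: $(pam_missing "$sample" login)"
```

Running the same function against the stock pam.conf from the release media and against the local /etc/pam.conf shows at a glance which sshd entries the upgrade left out.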