Date: Thu, 25 Jul 2002 21:30:23 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Clifford Chu <cchu@aagl.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: My SSH broke Message-ID: <20020725203023.GA20670@happy-idiot-talk.infracaninophi> In-Reply-To: <B9659102.16EA%cchu@aagl.org> References: <B9659102.16EA%cchu@aagl.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 25, 2002 at 11:26:58AM -0700, Clifford Chu wrote:
> Now my SSH is broken. At first when connecting from a client, I got a server
> console message that said --no modules loaded for sshd service; fatal: PAM
> session setup failed(6); permission denied. So I
> looked into pam.conf and added:
> sshd auth required pam_ssh.so try_first_pass
> which silenced the console error messages.
Well, unless you've got some customised PAM stuff, I think you should
probably replace your /etc/pam.conf with the one from the 4.6 release
CD. You should be able to copy it right off the live filesystem disk,
or you can download it from:
http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/Attic/pam.conf?rev=1.6.2.13&content-type=text/x-cvsweb-markup&only_with_tag=RELENG_4_6_0_RELEASE
You should also look into updating /etc/ssh/sshd_config, which you can
get from your installation media or you can download it here:
http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/sshd_config?rev=1.4.2.8&content-type=text/x-cvsweb-markup&only_with_tag=RELENG_4_6_0_RELEASE
If you're still having problems after doing that, a good trick is to
run the sshd server with debug flags on an alternate port --- sshd
will often be more informative then ssh about why it's refusing to
authenticate.
In one window, run (as root):
sshd -D -d -d -d -p 24
then in another window run:
ssh -p 24 -v -v -v localhost
(where 24 is just an arbitrary choice of port number that most systems
don't have anything listening on. Pick a different port if necessary).
Because of the -D flag, the sshd process won't daemonize and it will
quit once the ssh process has finished.
> So it appears that authentication is the hangup. Server logs show nothing
> after my change to pam.conf. But it had worked fine before. I've searched
> the maillist archives but didn't find anything. Where did I go wrong? Thanks
> for your help.
Yes. Doing an upgrade from the CD Roms can be a bit fraught. The
process will upgrade all the binaries and so forth perfectly well, but
it's handling of your configuration files --- essentially anything in
/etc --- leaves quite a bit to be desired.
What you may end up having to do is a file by file comparison of a
standard /etc directory from a 4.6 CD with your own /etc directory and
then try to do some sort of manual merge of any significant changes.
It can often be a lot easier just to do a fresh install over the top
of your current system, and then add back in the customisations you've
made over time. If you can remember what they are.
What I personally find to be the easiest and smoothest way of getting
a system up to date is to go the whole cvsup, buildworld/installworld
route. Sure, it may sound daunting to the novice and it takes time to
download the sources and it takes disk space and CPU cycles to compile
it all, but the whole thing is really a lot easier that it sounds.
It's only about half a dozen commands plus running mergemaster(8) ---
and mergemaster is really the key to successful upgrading. In my
humble opinion, a lot easier than doing a binary upgrade.
Look at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
for detailed instructions, and look at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
for everything you ever wanted to know about cvsup, but were afraid to
ask.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
Tel: +44 1628 476614 Marlow
Fax: +44 0870 0522645 Bucks., SL7 1TH UK
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020725203023.GA20670>