Wednesday, February 4, 2015

Cannot enable SSHD in Solaris 10

Today, I changed some settings in /etc/ssh/sshd_config and restarted the sshd service with the command:
svcadm restart svc:/network/ssh:default
After that, I carefully checked the sshd status by listing the listening ports:
netstat -an | grep LISTEN
But I did not see the ssh port listening. After that I tried an ssh connection, but it failed. (Phew, fortunately I had not exited my current ssh session.)
I checked the status of the sshd service using the command:
svcs -l ssh
Result:
fmri         svc:/network/ssh:default
name         SSH server
enabled      true
state        offline
next_state   none
state_time   Wed Feb 04 13:15:44 2015
logfile      /var/svc/log/network-ssh:default.log
restarter    svc:/system/svc/restarter:default
contract_id  57
dependency   require_all/none svc:/system/filesystem/local (online)
dependency   optional_all/none svc:/system/filesystem/autofs (online)
dependency   require_all/none svc:/network/loopback (online)
dependency   require_all/none svc:/network/physical (online)
dependency   require_all/none svc:/system/cryptosvc (maintenance)
dependency   require_all/none svc:/system/utmp (online)
dependency   require_all/restart file://localhost/etc/ssh/sshd_config (online)

In /var/adm/messages, I saw these lines:
Feb  4 13:14:14 A.B.C.D sshd[10376]: [ID 970222 auth.error] libpkcs11: Unable to contact kcfd: Bad file number
Feb  4 13:14:14 A.B.C.D sshd[10376]: [ID 748427 auth.error] libpkcs11: /usr/lib/security/pkcs11_softtoken_extra.so unexpected failure in ELF signature verification. System may have been tampered with. Cannot continue parsing /etc/crypto/pkcs11.conf
Feb  4 13:14:14 A.B.C.D sshd[10376]: [ID 800047 auth.error] monitor error: pkcs11 engine does not exist

Using `elfsign verify -e /usr/lib/security/pkcs11_softtoken_extra.so`, the verification passed.

After reading the Solaris 10 documentation, I realized that a service in the maintenance state is not running (or has died) and needs to be cleared.
So, I ran this command to restore cryptosvc:
svcadm clear svc:/system/cryptosvc:default
I checked the status of cryptosvc using the command:
svcs -p svc:/system/cryptosvc:default
Result:
STATE          STIME    FMRI
online         13:49:40 svc:/system/cryptosvc:default
               13:49:40    10948 kcfd

Now I started the ssh service and was done:
svcadm enable svc:/network/ssh:default
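
The check that located the problem above (reading the dependency lines of `svcs -l ssh` for anything not online) can be scripted. This is an added example, not part of the original post; the function names `blocked_deps` and `sample_svcs_l` are made up here, and the sample input is constructed from the output shown in the post.

```shell
#!/bin/sh
# Added example: report which dependencies of an SMF service are not online,
# by parsing `svcs -l <service>` output in the format shown in the post.

# Reads `svcs -l` output on stdin and prints "<fmri> <state>" for every
# dependency whose state is anything other than "online".
# Fields 3.. of a dependency line are read as "<fmri> (<state>)" pairs, so a
# line listing more than one FMRI is handled as well.
blocked_deps() {
    awk '$1 == "dependency" {
        for (i = 3; i < NF; i += 2) {
            state = $(i + 1)
            gsub(/[()]/, "", state)      # "(maintenance)" -> "maintenance"
            if (state != "online") print $i, state
        }
    }'
}

# Constructed sample input: the relevant lines of the post's `svcs -l ssh` output.
sample_svcs_l() {
    cat <<'EOF'
fmri         svc:/network/ssh:default
name         SSH server
enabled      true
state        offline
dependency   require_all/none svc:/system/filesystem/local (online)
dependency   optional_all/none svc:/system/filesystem/autofs (online)
dependency   require_all/none svc:/network/loopback (online)
dependency   require_all/none svc:/network/physical (online)
dependency   require_all/none svc:/system/cryptosvc (maintenance)
dependency   require_all/none svc:/system/utmp (online)
dependency   require_all/restart file://localhost/etc/ssh/sshd_config (online)
EOF
}

# Demo on the constructed sample; on a live host use: svcs -l ssh | blocked_deps
sample_svcs_l | blocked_deps
```

A dependency reported in the maintenance state is the one to investigate and then clear with `svcadm clear`, as done above for cryptosvc.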