Hiển thị các bài đăng có nhãn SSH. Hiển thị tất cả bài đăng
Hiển thị các bài đăng có nhãn SSH. Hiển thị tất cả bài đăng

Chủ Nhật, 10 tháng 1, 2016

Fix SSH long delay connection in CentOS

Add 2 options in /etc/ssh/sshd_config
UseDNS no
GSSAPIAuthentication no
Reload: systemctl reload sshd 
Người đăng: vào lúc Không có nhận xét nào:
Nhãn: ,

Thứ Tư, 4 tháng 2, 2015

Can not enable SSHD in Solaris 10

Today, I changed some configured in /etc/ssh/sshd_config and restart services sshd by command:
svcadm restart svc:/network/ssh:default
After that, I carefully checked status sshd by showing listen ports.
netstat -an | grep LISTEN
But I did not see ssh port listening. After that I perform ssh checking but connection was error. (Phew, fortunely I did not exit current ssh session.)
I checked status service sshd using command:
svcs -l ssh
Result
fmri         svc:/network/ssh:default
name         SSH server
enabled      true
state        offline
next_state   none
state_time   Wed Feb 04 13:15:44 2015
logfile      /var/svc/log/network-ssh:default.log
restarter    svc:/system/svc/restarter:default
contract_id  57
dependency   require_all/none svc:/system/filesystem/local (online)
dependency   optional_all/none svc:/system/filesystem/autofs (online)
dependency   require_all/none svc:/network/loopback (online)
dependency   require_all/none svc:/network/physical (online)
dependency   require_all/none svc:/system/cryptosvc (maintenance)
dependency   require_all/none svc:/system/utmp (online)
dependency   require_all/restart file://localhost/etc/ssh/sshd_config (online)

In /var/adm/messages, I saw these lines:
Feb  4 13:14:14 A.B.C.D sshd[10376]: [ID 970222 auth.error] libpkcs11: Unable to contact kcfd: Bad file number
Feb  4 13:14:14 A.B.C.D sshd[10376]: [ID 748427 auth.error] libpkcs11: /usr/lib/security/pkcs11_softtoken_extra.so unexpected fai
lure in ELF signature verification. System may have been tampered with. Cannot continue parsing /etc/crypto/pkcs11.conf
Feb  4 13:14:14 A.B.C.D sshd[10376]: [ID 800047 auth.error] monitor error: pkcs11 engine does not exist

Using `elfsign verify -e  /usr/lib/security/pkcs11_softtoken_extra.so` , result was passed.

After reading solaris 10 document, I reliazed that service in maintance status is not running ( or died ) and need to be clear.
So, I ran this command to restore cryptosvc
svcadm clear svc:/system/cryptosvc:default
Checked status cryptosvc using command:
svcs -p svc:/system/cryptosvc:default
Result:
STATE          STIME    FMRI
online         13:49:40 svc:/system/cryptosvc:default
               13:49:40    10948 kcfd

Now I started ssh service and finished:
svcadm enable svc:/network/ssh:default

Người đăng: vào lúc Không có nhận xét nào:
Nhãn: ,
Đăng ký: Bài đăng (Atom)