# Can't update sshd_config [solved]

## jonfr

For some odd reasons, I can't update sshd_config file. Using chmod does not work so far, deleting the file does not work. For some reason the ssh stopped working, and my normal account got locked out. I do not know if the computer in question got hacked or not at this time. But suggestion to figure it out are welcomed. I now got the ssh back working, and I have restored the access to my normal account on the computer. This is a web server computer.

This is how the folder looks out.

```
ls -l

total 160

-rw-r--r-- 1 root root 125811 Jul  9 22:37 moduli

-rw-r--r-- 1 root root   1159 Jun 28 21:16 ssh_config

-rw------- 1 root root    668 Jul  9 22:42 ssh_host_dsa_key

-rw-r--r-- 1 root root    602 Jul  9 22:42 ssh_host_dsa_key.pub

-rw------- 1 root root    975 Jul  9 22:42 ssh_host_key

-rw-r--r-- 1 root root    639 Jul  9 22:42 ssh_host_key.pub

-rw------- 1 root root   1675 Jul  9 22:42 ssh_host_rsa_key

-rw-r--r-- 1 root root    394 Jul  9 22:42 ssh_host_rsa_key.pub

-rw------- 1 root root   2450 Jun 28 21:16 sshd_config

```

Thanks in advance for the help.Last edited by jonfr on Sat Jul 10, 2010 2:53 pm; edited 1 time in total

----------

## Princess Nell

Do you get any error messages from chmod?

----------

## jonfr

 *Princess Nell wrote:*   

> Do you get any error messages from chmod?

 

I only get this when using -v option.

```
chmod -v 755 sshd_config

chmod: changing permissions of `sshd_config': Operation not permitted

failed to change mode of `sshd_config' to 0755 (rwxr-xr-x)

```

----------

## Hu

Although strange, that is just as well.  The server configuration file is not meant to be world readable.

Perhaps the file has become immutable?  What is the output of lsattr /etc/ssh/?

----------

## dmpogo

You are certain you do it as root ? (sorry, had to ask)

----------

## jonfr

 *dmpogo wrote:*   

> You are certain you do it as root ? (sorry, had to ask)

 

Yes, I am root. I always work as a root when doing this in /etc folder.

----------

## jonfr

 *Hu wrote:*   

> Although strange, that is just as well.  The server configuration file is not meant to be world readable.
> 
> Perhaps the file has become immutable?  What is the output of lsattr /etc/ssh/?

 

Here is that output.

```
lsattr /etc/ssh/

--------------- /etc/ssh/ssh_host_key

--------------- /etc/ssh/moduli

--------------- /etc/ssh/ssh_host_key.pub

-u--ia--------- /etc/ssh/ssh_config

-u--ia--------- /etc/ssh/sshd_config

--------------- /etc/ssh/ssh_host_dsa_key

--------------- /etc/ssh/ssh_host_dsa_key.pub

--------------- /etc/ssh/ssh_host_rsa_key

--------------- /etc/ssh/ssh_host_rsa_key.pub

```

----------

## Princess Nell

man chattr   :Very Happy: 

----------

## jonfr

 *Princess Nell wrote:*   

> man chattr  

 

This does little to help me solve this issue.

----------

## jonfr

I have fixed this issue. The solution was chattr -uia to remove the restrictions from the file.

----------

## Hu

This still leaves the question of how that file became immutable in the first place.  Assuming good hardware, files do not just change attributes like that.  Since you had to read the manual page to solve it, that suggests you have not previously used chattr.  Is there anyone else who is supposed to have administrative access to this machine?  Both your ssh_config and sshd_config were immutable and both have an mtime of Jun 28 21:16.  Is this near in time to any known maintenance done on the machine?  Are there any strange or unexpected directives in either file?

Setting all of aiu on a file is a strange combination.  An immutable file cannot be modified, so there is no need for it to be append-only.  Nor can an immutable file be deleted, so there is no need for it to be undelete ready.

----------

## jonfr

 *Hu wrote:*   

> This still leaves the question of how that file became immutable in the first place.  Assuming good hardware, files do not just change attributes like that.  Since you had to read the manual page to solve it, that suggests you have not previously used chattr.  Is there anyone else who is supposed to have administrative access to this machine?  Both your ssh_config and sshd_config were immutable and both have an mtime of Jun 28 21:16.  Is this near in time to any known maintenance done on the machine?  Are there any strange or unexpected directives in either file?
> 
> Setting all of aiu on a file is a strange combination.  An immutable file cannot be modified, so there is no need for it to be append-only.  Nor can an immutable file be deleted, so there is no need for it to be undelete ready.

 

There was a problem with cpu fan begin clogged with dust, and overheating. But that should not have created this issue to start with. It also should not have locked my normal (I don't log into root with ssh) account on the computer.

Trying to run chkrootkit I got this.

```
/usr/bin/find: `head' terminated by signal 13                                   

/usr/bin/find: `head' terminated by signal 13                                   

/usr/bin/find: `head' terminated by signal 13                                   

/usr/bin/find: `head' terminated by signal 13                                   

/usr/bin/find: `head' terminated by signal 13 
```

----------

