# ssh daemon crashed, I am screwed [actually not crashed]

## zbindere

I run at home a webserver. now the ssh daemon crashed. this is already the second time this happens. I don't have any keyboard, mouse, monitor attached. so I have to reboot the server.

are there other solutions? how could I restart the ssh daemon maybe using a web-interface? I don't want to run a telnet server as backup. does someone have similar problems?

Last edited by zbindere on Wed Feb 16, 2005 2:06 pm; edited 1 time in total

----------

## jh294

You have a few choices:

1) The obvious and recommended solution is to determine why SSHD is crashing and fix it.

2)  Start a second instance of the SSH daemon listening on another port.  If the first one is not responding, use the second one.  This may or may not help depending on the cause of the crash.  There is no reason to limit yourself to only a second instance, you can easily run three, four or more daemons all listening on different ports.  Please see option 1.

3)  Restart SSH every 10 minutes from cron.  You will not impact current sessions just new connections during the restart (1 to 3 seconds depending on your system).  This may or may not help matters and could possibly result in problems with cron and process table.  Please see option 1.

Good luck.

----------

## cselkirk

I would be more inclined to want to know why it crashes, nothing in /var/log/messages? Anyhow, you could run something like the following from crontab, which will restart sshd if the test string is empty (note the "[s]shd", specifically the "[s]", is there to stop the ps returning itself).

```
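#!/bin/sh
# Restart sshd when ps lists no /usr/sbin/sshd process.
# [[ ]] is not POSIX sh: this needs /bin/sh to be bash (or another shell that supports it).
if [[ -z $(ps aux |grep /usr/sbin/[s]shd) ]]; then
       /etc/init.d/sshd restart
fi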
```

HTH

----------

## zbindere

thanks all. I checked /var/log/messages. no entries.

I think I will do the cron thing. this is the easiest since this does not happen very often.

----------

## SilverOne

 *cselkirk wrote:*   

> I
> 
> ```
> #!/bin/sh
> ```
> ...

 

If this doesn't work try putting quotes (" ") around the grep argument like so:

```
if [[ -z $(ps aux |grep "/usr/sbin/[s]shd") ]]; then
```

I tried the 'ps' statement on the commandline and it wouldn't work correctly without the quotes.

----------

## cselkirk

As this machine is world accessible and providing world accessible services I would be somewhat suspicious of the fact this happens, particularly as openssh is, in my experience, not prone to crashing. How do you know it's actually crashing? (given that you are unable to login and check). The fact that you are unable to access port 22 could mean a number of things (firewall rules affecting the specific host and/or subnet you are logging in from for example). There are various things that could be at fault and I would be less inclined to write it off to "ssh crashing" before looking into the problem further.

----------

## cselkirk

 *SilverOne wrote:*   

> I tried the 'ps' statement on the commandline and it wouldn't work correctly without the quotes.

 

huh?

```
zsh% print $SHELL
zsh
zsh% ps aux |grep /usr/sbin/[s]shd
root     19495  0.0  0.1   3136  1328 ?        Ss   Feb12   0:00 /usr/sbin/sshd
zsh% /bin/bash -
bash# ps aux |grep /usr/sbin/[s]shd
root     19495  0.0  0.1   3136  1328 ?        Ss   Feb12   0:00 /usr/sbin/sshd
bash# exit
zsh% print "just to make sure it's nothing from my env" >> /dev/null
zsh% /bin/ps aux | /bin/grep /usr/sbin/[s]shd
root     19495  0.0  0.1   3136  1328 ?        Ss   Feb12   0:00 /usr/sbin/sshd
```

----------

## SilverOne

Well this is the output I get:

```
# ps aux | grep /usr/sbin/[s]shd
root     13358  0.0  0.2   3644  1440 ?        Ss   Jan21   0:01 /usr/sbin/sshd
root     30973  0.0  0.1   1464   872 pts/0    R+   14:28   0:00 grep /usr/sbin/sshd
# ps aux | grep "/usr/sbin/[s]shd"
root     13358  0.0  0.2   3644  1440 ?        Ss   Jan21   0:01 /usr/sbin/sshd
#
```

I'm running bash.

I've got no idea why our outputs differ.

----------

## j-m

 *SilverOne wrote:*   

> 
> 
> I'm running bash.
> 
> I've got no idea why our outputs differ.

 

Do you have bash-3.0  :Question: 

----------

## lookinin

My bash does the same - grep outputs itself... why not try pidof?

```
pidof sshd
if [ $? -eq 0 ]
then
  echo running
else
  echo not running
fi
```

----------

## SilverOne

 *j-m wrote:*   

>  *SilverOne wrote:*   
> 
> I'm running bash.
> 
> I've got no idea why our outputs differ. 
> ...

 

Nope:

```
*  app-shells/bash
      Latest version available: 2.05b-r9
      Latest version installed: 2.05b-r9
```

----------

## j-m

 *SilverOne wrote:*   

>  *j-m wrote:*   
> 
> Do you have bash-3.0  
> 
> Nope:
> ...

 

OK. I have, but it also does not work without quotation marks; I like the pidof version better anyway...  :Smile: 

----------

## cselkirk

 *SilverOne wrote:*   

> I've got no idea why our outputs differ.

 

I had thought maybe zsh was behaving differently, which is why I also tested under bash. What does the following give you?

```
env -i /bin/ps aux | /bin/grep /usr/sbin/[s]shd
```

My guess is it's something in your env.

----------

## SilverOne

 *cselkirk wrote:*   

> 
> 
> My guess is it's something in your env.

 

Might've been but that doesn't appear to be so....

```
# env -i /bin/ps aux | /bin/grep /usr/sbin/[s]shd
root     13358  0.0  0.2   3644  1440 ?        Ss   Jan21   0:01 /usr/sbin/sshd
root      6826  0.0  0.1   1480   868 pts/5    R+   15:05   0:00 /bin/grep /usr/sbin/sshd
# env -i /bin/ps aux | /bin/grep "/usr/sbin/[s]shd"
root     13358  0.0  0.2   3644  1440 ?        Ss   Jan21   0:01 /usr/sbin/sshd
#
```

What's your Bash version?  Or does this have to do with process management?

----------

## lookinin

 *cselkirk wrote:*   

> 
> 
> ```
> env -i /bin/ps aux | /bin/grep /usr/sbin/[s]shd
> ```
> ...

 

The output of that is the same - but here's another idea:

```
# ps aux | grep [s]shd
```

----------

## zbindere

cselkirk: you were right. 

I actually could get in again. my company changed the hostname of the gw.

I use tcpwrappers to limit access to the ssh service so that was the error.

sorry for that  :Embarassed: 

----------

## SilverOne

 *lookinin wrote:*   

>  but here's another idea:
> 
> ```
> # ps aux | grep [s]shd
> ```
> ...

 

Indeed, that skips the 'grep' statement in the process list.  (anybody know why??)

It does however list all instances of SSHD that are handling logged-in users.

The fact that users are logged in is no certain indication of a running SSH daemon.

----------

## lookinin

 *SilverOne wrote:*   

> Indeed, that skips the 'grep' statement in the process list.  (anybody know why??)

 

Because now the grep expression is actually [s]shd, so [s] prevents it from matching because the first character is a bracket

 *SilverOne wrote:*   

> It does however list all instances of SSHD that are handling logged-in users.
> 
> The fact that users are logged in is no certain indication of a running SSH daemon.

 

Unintended side effect - I was just looking for something that worked with grep  :Smile: 

Wow, phpBB really did not like my first version of this reply  :Shocked:

Last edited by lookinin on Wed Feb 16, 2005 2:21 pm; edited 1 time in total

----------

## jh294

 *SilverOne wrote:*   

>  *cselkirk wrote:*   
> 
> My guess is it's something in your env. 
> 
> Might've been but that doesn't appear to be so....
> ...

 

Different shells interpret control/meta characters differently and therefore require different quoting.  In the case of BASH, the shell tries to interpret the metacharacter prior to passing it to grep.  To prevent this, quotes are required.  An alternative that will work in either bash or zsh shells is:

```
ps aux | grep /usr/bin/sshd | grep -v grep
```

----------

## SilverOne

 *lookinin wrote:*   

> 
> 
> Unintended side effect - I was just looking for something that worked with grep 
> 
> 

 

Try this (I took your idea and found this:)

```
# ps aux | grep [/]usr/sbin/sshd
```

 *lookinin wrote:*   

> 
> 
> Wow, phpBB really did not like my first version of this reply 

 

No it didn't but I understood what you meant  :Wink: 

----------

## cselkirk

 *SilverOne wrote:*   

> Indeed, that skips the 'grep' statement in the process list.  (anybody know why??)

 

Yes, with the "[s]" the grep will be looking for the regular expression "[s]shd" and as [s]shd is not "sshd" it won't show up in what is returned by grep. More specifically "[]" is a grep regular expression meaning "any single character in the bracketed list".

----------

## j-m

 *jh294 wrote:*   

> 
> 
> ```
> ps aux | grep /usr/bin/sshd | grep -v grep
> ```
> ...

 

Umm... No. Nothing. Nada. Zero...  :Laughing: 

----------

## SilverOne

 *cselkirk wrote:*   

> 
> 
> Yes, with the "[s]" the grep will be looking for the regular expression "[s]shd" and as [s]shd is not "sshd" it won't show up in what is returned by grep. More specifically "[]" is a grep regular expression meaning "any single character in the bracketed list".

 

Well I know something about regex's so I got the meaning of [s].  What I did not grasp was why [s]shd (which indeed skipped the grep process) was treated differently than /usr/bin/[s]shd (which showed up as /usr/bin/sshd in the grep process). The first expression is interpreted like we expected, and the second wasn't (well only on cselkirk's machine).

Perhaps different versions of grep?  (don't think so, but I've got no ideas left.)

```
# grep --version
grep (GNU grep) 2.5.1
```

----------

## lookinin

 *Quote:*   

> Try this (I took your idea and found this:)
> 
> ```
> # ps aux | grep [/]usr/sbin/sshd
> ```
> ...

 

Yes, that works nicely.

 *Quote:*   

> It does however list all instances of SSHD that are handling logged-in users. 

 

I just wanted to mention that pidof will also do this.

----------
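
Added example, not code from any poster in this thread: a cron watchdog that tests only the listening master sshd through its pidfile, so the per-session sshd processes that `pidof` and `grep [s]shd` also list cannot hide a dead listener. The pidfile path (OpenSSH's default `PidFile`), the log path, the install path in the crontab comment and the function names are assumptions; the restart command is the one used earlier in the thread.

```shell
#!/bin/sh
# Added example: restart sshd only when the listening master is gone.
# Assumed values: pidfile path, log path, and the crontab install path below.

PIDFILE=${PIDFILE:-/var/run/sshd.pid}          # OpenSSH default PidFile (assumed in use)
RESTART=${RESTART:-/etc/init.d/sshd restart}   # restart command from the thread
LOG=${LOG:-/var/log/sshd-watchdog.log}         # hypothetical log file

# Return 0 only if the pidfile holds a numeric PID of a live process.
# kill -0 needs permission to signal that process, so run this as root.
# It does not detect PID reuse by an unrelated process.
master_alive() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1")
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null
}

# $1 = pidfile, $2 = restart command, $3 = log file.
# Every restart is logged so the underlying cause still gets investigated.
watchdog() {
    if master_alive "$1"; then
        echo alive
    else
        printf '%s sshd master not running, restarting\n' "$(date)" >> "$3"
        $2 >/dev/null 2>&1
        echo restarted
    fi
}

# Acts only when asked to, e.g. from root's crontab (hypothetical path):
#   */10 * * * * /usr/local/sbin/sshd-watchdog run
if [ "${1:-}" = run ]; then
    watchdog "$PIDFILE" "$RESTART" "$LOG"
fi
```

A live master means a restart would change nothing, which is the case zbindere ended up in: the daemon was running and the refusal came from access control.

----------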

## SilverOne

 *j-m wrote:*   

>  *jh294 wrote:*   
> 
> ```
> ps aux | grep /usr/bin/sshd | grep -v grep
> ```
> ...

 

Try changing /usr/bin/sshd to /usr/sbin/sshd

It works for me then.

----------

## j-m

 *SilverOne wrote:*   

>  *j-m wrote:*   
> 
> Umm... No. Nothing. Nada. Zero...  
> 
> Try changing /usr/bin/sshd to /usr/sbin/sshd
> ...

 

Bingo!  :Razz: 

----------

## cselkirk

 *SilverOne wrote:*   

> What I did not grasp was why [s]shd (which indeed skipped the grep process) was treated differently than /usr/bin/[s]shd (which showed up as /usr/bin/sshd in the grep process). The first expression is interpreted like we expected, and the second wasn't (well only on cselkirk's machine).

 

If I understand your question, I think it's because bash is doing path expansion (and not brace expansion) on the /usr/sbin/[s]shd.

As to why my bash does not expand (either brace or path expansion) when testing this (see above) I have no idea other than the account used to test does not use bash (and there are no rc files read other than from /etc), so it is as "default" as one can get.

----------
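
Added example, not code from any poster: the pathname expansion cselkirk describes, reproduced in a constructed scratch tree, showing which word `grep` actually receives for an unquoted bracket pattern and whether that word then matches grep's own `ps` line. The relative pattern `usr/sbin/[s]shd` stands in for the thread's `/usr/sbin/[s]shd`, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example. The directory tree is constructed in a temp dir; the relative
# pattern usr/sbin/[s]shd stands in for the thread's /usr/sbin/[s]shd.

# Build a scratch tree containing usr/sbin/sshd and print its root.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/sbin" && : > "$root/usr/sbin/sshd"
    printf '%s\n' "$root"
}

# Print the word(s) a command receives when pattern $2 is written unquoted
# while the shell's working directory is $1 (pathname expansion applies).
expand_unquoted() {
    ( cd "$1" && set -- $2 && printf '%s\n' "$@" )
}

# Succeed if the ps line of "grep ARG" is itself matched by the regex ARG.
grep_matches_itself() {
    printf 'grep %s\n' "$1" | grep -q -- "$1"
}

# Report, for one directory and pattern, what grep would be handed.
report() {
    arg=$(expand_unquoted "$1" "$2")
    if grep_matches_itself "$arg"; then self="lists itself"; else self="hides itself"; fi
    printf '%-18s -> grep %-16s %s\n' "$2" "$arg" "$self"
}

demo() {
    tree=$(make_tree) || return 1
    report "$tree" 'usr/sbin/[s]shd'      # a file matches: the bracket is lost
    report "$tree" '[s]shd'               # nothing matches: the bracket survives
    report "$tree/usr/sbin" '[s]shd'      # same pattern, run from inside usr/sbin
    rm -rf "$tree"
}
demo
```

Quoting the pattern removes the dependence on the working directory and on which files exist, which is why the quoted form behaved the same for everyone in the thread.

----------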

