# [SOLVED] SSHD does not start

## soban_

As in the subject, I'm trying to start sshd:

```
/etc/init.d/sshd start
```

and everything seems fine, but it does not start. Nmap returns nothing after scanning 127.0.0.1 either (port 22 is closed; it is not there at all), and the machine does of course respond to ping. I have already reinstalled ssh:

```
emerge -C virtual/ssh && emerge -vq virtual/ssh
```

but the result is the same. Where can I look for the cause? Oh, and I'll add that FTP with proftpd starts correctly.

----------

## Garrappachc

Run ssh directly from the console and see what it spits out.

----------

## soban_

I.e., what do you mean by directly from the console?

----------

## Garrappachc

I mean that you should run /usr/sbin/sshd. Take a look at the /etc/init.d/sshd script.

----------

## Jacekalex

And which sshd version, how and with what it was compiled, and with which flags: is that a military secret, or did the goat eat it?

Did the goat eat the sshd config and the logs from running ssh as well?

Because I have:

```
qlist -ICvUq net-misc/openssh
net-misc/openssh-5.9_p1-r4 X hpn pam selinux tcpd
net-misc/openssh-blacklist-0.4.1
```

```
telnet localhost  11215
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.9p1-hpn13v11
quit
Protocol mismatch.
Connection closed by foreign host.
```

As you can see, it works.

That would be all.

:Cool:

----------

## soban_

@Garrappachc - I did that earlier with the start parameter and the result is still the same (as if it started but did not work); sshd looks like this:

```
#!/sbin/runscript
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $

extra_commands="checkconfig gen_keys"
extra_started_commands="reload"

depend() {
   use logger dns
   need net
}

SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh}
SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid}
SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd}

checkconfig() {
   if [ ! -d /var/empty ] ; then
      mkdir -p /var/empty || return 1
   fi

   if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then
      eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd"
      eerror "There is a sample file in /usr/share/doc/openssh"
      return 1
   fi

   gen_keys || return 1

   [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
      && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}"
   [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \
      && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config"

   "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1
}

gen_key() {
   local type=$1 key ks
   [ $# -eq 1 ] && ks="${type}_"
   key="${SSHD_CONFDIR}/ssh_host_${ks}key"
   if [ ! -e "${key}" ] ; then
      ebegin "Generating ${type} host key"
      ssh-keygen -t ${type} -f "${key}" -N ''
      eend $? || return $?
   fi
}

gen_keys() {
   if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then
      gen_key rsa1 "" || return 1
   fi
   gen_key dsa && gen_key rsa && gen_key ecdsa
   return $?
}

start() {
   checkconfig || return 1

   ebegin "Starting ${SVCNAME}"
   start-stop-daemon --start --exec "${SSHD_BINARY}" \
       --pidfile "${SSHD_PIDFILE}" \
       -- ${SSHD_OPTS}
   eend $?
}

stop() {
   if [ "${RC_CMD}" = "restart" ] ; then
      checkconfig || return 1
   fi

   ebegin "Stopping ${SVCNAME}"
   start-stop-daemon --stop --exec "${SSHD_BINARY}" \
       --pidfile "${SSHD_PIDFILE}" --quiet
   eend $?
}

reload() {
   checkconfig || return 1
   ebegin "Reloading ${SVCNAME}"
   start-stop-daemon --signal HUP \
       --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
   eend $?
}
```

@Jacekalex of course it is not a military secret; I did not give anything more because I thought the error lay somewhere else (I have it compiled the same way on, e.g., my home server and it works). Anyway, the flags are: hpn, kerberos, pam, tcpd. When connecting with telnet to port 22 it throws:

```
Connection refused
```

As for the configuration, /etc/ssh/sshd_config:

```
#   $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
#AuthorizedKeysFile   .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd no
PrintLastLog no
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem   sftp   /usr/lib64/misc/sftp-server

# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes

# allow the use of the none cipher
#NoneEnabled no

# disable hpn performance boosts.
#HPNDisabled no

# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   ForceCommand cvs server
```

Did the goat eat anything else that is needed? d-: As for the openssh version, I downgraded from 6.0_p1 to 5.9_p1-r4 but the result is still the same...

----------

## SlashBeast

Good grief. Nobody wants your sshd from init.d; the point is for you to read how it is started and do that by hand so you can see the errors...

Run it by hand, '/usr/sbin/sshd -Dd', and read the output...

----------

## soban_

@SlashBeast - with what you gave, '/usr/sbin/sshd -Dd', it starts correctly and I can even connect. In short, that way it runs fine... (no errors), so I don't know why I can't start it with '/etc/init.d/sshd start'. Any ideas?

----------

## Jacekalex

Or maybe this file has gone missing:

```
/etc/conf.d/sshd
```

the one for the init.d startup script?

Or it has some errors or whitespace characters that it should not have.

----------
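
The check suggested in the post above, as an added example that is not part of the thread: a shell function that lints an OpenRC conf.d file such as /etc/conf.d/sshd for stray characters and errors before the init script sources it. The function name `check_confd` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints one line per finding;
# the return status is the number of findings (0 means clean).
check_confd() {
    file=$1; findings=0
    [ -r "$file" ] || { echo "$file: missing or unreadable"; return 1; }

    # Carriage returns (DOS line endings) end up inside every value.
    if [ $(tr -cd '\r' <"$file" | wc -c) -gt 0 ]; then
        echo "$file: contains CR characters"; findings=$((findings+1))
    fi
    # Bytes outside printable ASCII, e.g. a UTF-8 non-breaking space.
    if [ $(LC_ALL=C tr -d '[:print:][:space:]' <"$file" | wc -c) -gt 0 ]; then
        echo "$file: contains non-ASCII or control bytes"; findings=$((findings+1))
    fi
    # "VAR = x" or "VAR= x" parses fine but runs a command instead of assigning.
    if grep -Eq '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*([[:space:]]+=|=[[:space:]]+[^[:space:]#])' "$file"; then
        echo "$file: whitespace around '=' in an assignment"; findings=$((findings+1))
    fi
    # Unterminated quotes and similar errors are caught by a parse-only run.
    if ! sh -n "$file" 2>/dev/null; then
        echo "$file: shell syntax error"; findings=$((findings+1))
    fi
    return "$findings"
}

# Constructed sample files (not taken from the system in the thread).
demo=$(mktemp -d)
printf 'SSHD_CONFDIR="/etc/ssh"\nSSHD_OPTS=""\n' >"$demo/good"
printf 'SSHD_CONFDIR="/etc/ssh"\r\nSSHD_OPTS = ""\r\n' >"$demo/crlf_space"
printf 'SSHD_OPTS="-p 22\n' >"$demo/unterminated"
for name in good crlf_space unterminated; do
    check_confd "$demo/$name" && echo "$demo/$name: clean"
done
rm -rf "$demo"
```

On a real system the call would be `check_confd /etc/conf.d/sshd`; a clean result rules out the file's contents, not the rest of the init script's environment.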

## soban_

Well, it doesn't look like there is anything strange in it (that is, it also exists):

```
# /etc/conf.d/sshd: config file for /etc/init.d/sshd

# Where is your sshd_config file stored?
SSHD_CONFDIR="/etc/ssh"

# Any random options you want to pass to sshd.
# See the sshd(8) manpage for more info.
SSHD_OPTS=""

# Pid file to use (needs to be absolute path).
#SSHD_PIDFILE="/var/run/sshd.pid"

# Path to the sshd binary (needs to be absolute path).
#SSHD_BINARY="/usr/sbin/sshd"
```

Do you mean some whitespace character in the configuration? I removed the /etc/ssh directory and reinstalled openssh, but it is still the same after generating a new key...

//EDIT

OK gentlemen, I guess we won't figure out what this is, but I found a very roundabout solution. I copied the configuration files, unpacked stage3 once more, and it works. In a moment I'll kick off a recompile of the system with these flags; honestly, I have no idea what was causing this.

----------

