sshd won't start

[cshepherd]

Hey guys,

I've tried this so many times and I can't figure out how to get sshd to start.

I have a clean Debian Sarge VServer install.

I installed these packages before installing Zimbra;
curl fetchmail file ftp gnupg libexpat1 libgmp3 libstdc++6 libxml2 lynx make ncftp openssl perl ssh sudo unzip wget zip

Ran the Zimbra4.0 install which went without a hitch except it couldn't create documents.

All services are started and confirmed running with zmcontrol status.

I can log into the client and admin interface. The only indication that something is wrong is when checking the queues.

Message: system failure: exception during auth {RemoteManager: mail.test.com -> zimbra@mail.test.com:22}

and heaps of other stuff after it.

I ran a netstat and couldn't see anything listening on port 22. I tried to ssh localhost and connection is refused. I've tried reinstalling and reconfiguring ssh and just can't get it to run.

I don't get any errors when starting or restarting ssh and I've tried binding to a different port.

Anyone had this issue before?

[gihrig]

Well, me too ...

VMWare Server 1.0.1, CentOS 4.4 & zimbra 4.0.

ssh worked through the end of the Zimbra install, I did the install through ssh. After the install I was able to hit the Zimbra user login page, but not the Zimbra admin page. At this point I had an ssh session open.

I rebooted the server to see if that might help the admin login issue and that was the end of ssh, still no response from zimbra on https://ip_address:7071/zimbraAdmin.

I still get the zimbra user login page at http://ip_address, even after forcing a refresh (Ctrl-F5), but when I enter the zimbra admin acount (admin@server.domain.tld) I get 'A network error has occured...'

I can restart ssh and see expected log entries in /var/log/messages.

netstat shows 'tcp 0 0 :::22' is listening (which I think means it's listening on all supported ip's?, still a little new to *nix).

I tried changing the ssh port and that shows up in netstat at the new port, but still no response.

The bottom line is no response from ssh, PuTTY says 'connection time out' and poor response (first hit ok, the nothing) from apache. There seem to be severe network errors that are new after the Zimbra install.

While this is a test install, I do have a client anxiously asking if I can set up Zimbra for him next week, so any advice wouild be quite welcome!

[dijichi2]

i can:t imagine anything that zimbra ships would get in the way of ssh, so this is kinda bizarre. try doing:
ps -ef |grep sshd
do you have running sshd processes?

choose the sshd process with parent process 1. do:
lsof -p [pid]
make sure there:s nothign else obviously wierd
lsof -p [pid] |grep zimbra
there shouldn:t be anything returned for this - it would indicate for some reason zimbra libs are conflicting, but i can't see why this would be the case

you could also attach a tracer to the master ssh process to see what is going on:
strace -f -p [pid]

[cshepherd]

ps shows no running processes.

/etc/init.d/ssh start
Starting OpenBSD Secure Shell server: sshd.

/etc/init.d/ssh restart
Restarting OpenBSD Secure Shell server: sshd.

After either of these there are no logs to indicate a failure to start.
There are also no indications that it has started, i.e. netstat shows nothing listening on port 22 and ps shows no running sshd processes.

Config is entirely default and I've tried dpkg-reconfigure ssh to no avail.

I don't know where to look from here.

[dijichi2]

anything in /var/log/messages? does 'ldd -r /usr/sbin/sshd' look ok?

i would recommend completely uninstalling ssh/sshd, including a purge, then reinstall. past that, you need to get this working first before you install zimbra! this is an os issue, not a zimbra issue.

[dijichi2]

make sure this file doesn't exist:
/etc/ssh/sshd_not_to_be_run

you could also add:
-d

to SSHD_OPTS= in /etc/defaults/ssh

[cshepherd]

Thanks dijichi2,

You've pointed me in the right direction anyway. Here's the relevant part of the -d output.

Bind to port 22 on 0.0.0.0 failed: Address already in use.
Cannot bind any address.

Although I can't see anything running on port 22 no matter what I do.
I also can't bind it to 127.0.0.1 or the local ip for the same reason.

I changed the port to 622 and then told Zimbra about the change with;
zmprov mcf zimbraRemoteManagementPort 622

Zimbra is now fully functional.

[dijichi2]

hey cshepard, that really is wierd. i'd be inclined to 'apt-get chkrootkit' just in case!

you get nothing from this?
netstat -an |grep LISTEN |grep 22

how about:
lsof -i TCP:22

lsof +L1 will show suspicuous processes from files that have been unlinked, although there will be quite a few from zimbra

[cshepherd]

It sure is.

I don't get anything out of any combination of netstat commands.
lsof -i TCP:22 returns nothing and lsof +L1 returns some Zimbra mysql and tomcat processes. Nothing else.

I'm putting it down to the fact it's a Debian VServer running inside an Ubuntu host. Maybe there's something it doesn't like.

These are the only lines that chkrootkit turned up. The rest were not found or not infected...

Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Warning: Possible LKM Trojan installed
Checking `sniffer'... /proc/1/fd: Permission denied
eth0: not promisc and no packet sniffer sockets