[SSHD] connection closed immediately on login

Beeblebrox

Beeblebrox

sshd is running and accepts connections, but claims that the "user disconnected" immediately after login. It also complains as:
Code: 
csh: No such file or directory
  • I have tried different users
  • I created a separate test user just for this
  • I have tried linux clients and from host its self
All give same result. /etc/ssh/sshd_config has no modifications at all (file unmodified as placed by distribution). What is the reason for the disconnect and the shell error message?

$ ssh bob@localhost
Code: 
Password for bob@domain.name:
Last login: Wed Nov  6 07:51:14 2013 from 192.168.2.1
FreeBSD 9.2-STABLE
<MOTD MESSAGE>
Environment:
  USER=bob
  LOGNAME=bob
  HOME=/home/bob
  MAIL=BLOCKSIZE=K
  PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/games:/usr/local/kde4:/data/i386/usr/local/bin:/usr/local/libexec/ccache
  TERM=xterm
  FTP_PASSIVE_MODE=YES
  MM_CHARSET=UTF-8
  SHELL=/bin/csh
  SSH_CLIENT=127.0.0.1 57268 22
  SSH_CONNECTION=127.0.0.1 57268 127.0.0.1 22
  SSH_TTY=/dev/pts/2
csh: No such file or directory
Connection to localhost closed.
# /usr/sbin/sshd -d
Code: 
debug1: HPN Buffer Size: 65536
debug1: sshd version OpenSSH_6.2p2_hpn13v11 FreeBSD-20130515, OpenSSL 0.9.8y 5 Feb 2013
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on 0.0.0.0.
debug1: Server TCP RWIN socket size: 65536
debug1: HPN Buffer Size: 65536
Server listening on 0.0.0.0 port 22.
debug1: fd 4 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
debug1: res_init()
Connection from 127.0.0.1 port 57268
debug1: HPN Disabled: 0, HPN Buffer Size: 65536
debug1: Client protocol version 2.0; client software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: match: OpenSSH_6.2_hpn13v11 FreeBSD-20130515 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: permanently_set_uid: 22/22 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
Address 127.0.0.1 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! [preauth]
debug1: userauth-request for user bob service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "bob"
debug1: PAM: setting PAM_RHOST to "localhost"
debug1: userauth-request for user bob service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: keyboard-interactive devs  [preauth]
debug1: auth2_challenge: user=bob devs= [preauth]
debug1: kbdint_alloc: devices 'pam' [preauth]
debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]
Postponed keyboard-interactive for bob from 127.0.0.1 port 57268 ssh2 [preauth]
debug1: do_pam_account: called
debug1: PAM: num PAM env strings 0
Postponed keyboard-interactive/pam for bob from 127.0.0.1 port 57268 ssh2 [preauth]
debug1: do_pam_account: called
Accepted keyboard-interactive/pam for bob from 127.0.0.1 port 57268 ssh2
debug1: monitor_child_preauth: bob has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: PAM: establishing credentials
User child is on pid 1550
debug1: PAM: establishing credentials
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 1551
debug1: session_exit_message: session 0 channel 0 pid 1551
debug1: session_exit_message: release channel 0
debug1: session_by_tty: session 0 tty /dev/pts/2
debug1: session_pty_cleanup: session 0 release /dev/pts/2
Received disconnect from 127.0.0.1: 11: disconnected by user
debug1: do_cleanup
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials
 
What shell does the user have? It looks like it's not set correctly.
 
/etc/shells:
Code: 
/bin/sh
/bin/csh
/bin/tcsh
/usr/local/bin/bash
/usr/local/bin/rbash
/usr/local/libexec/git-core/git-shell

Code: 
[CMD]$ grep bob /etc/passwd[/CMD]  =>  bob:*:1009:0:BOB:/home/bob:/bin/csh
[CMD]$ echo $SHELL [/CMD] =>  /bin/csh
[CMD]$ chsh [/CMD] =>  #Changing user information for bob \ Shell: /bin/csh

No settings made in /etc/ssh regarding PermitUserEnvironment or shells.
 
Apparently /bin/csh doesn't exist anymore on your system. Or perhaps the permissions are screwed up.
Code: 
dice@armitage:~% ls -al /bin/csh
-r-xr-xr-x  2 root  wheel  382064 Oct  3 15:17 /bin/csh
 
Code: 
$ ls -al /bin/*sh
lrwxr-xr-x  1 root  wheel      19 Sep  9 14:26 /bin/bash -> /usr/local/bin/bash
-r-xr-xr-x  2 root  wheel  374008 Oct 27 14:45 /bin/csh
-r-xr-xr-x  1 root  wheel  141336 Oct 27 14:45 /bin/sh
-r-xr-xr-x  2 root  wheel  374008 Oct 27 14:45 /bin/tcsh

Code: 
$ ssh bob@localhost -s /bin/sh
Password for [email]bob@domain.name[/email]:
subsystem request failed on channel 0

All shells work from tty* normally and csh, being the default is not giving any problems on host.
It seems I'm an expert in getting my system to come up with the strangest errors.
 
Please check permissions on /usr/libexec/sftp-server. You may also want to # tail -f /var/log/messages /var/log/auth to see what SSHD and other subsystems says during login.
 
Hi @Savagedlight,
Code: 
$ ll /usr/libexec/sftp-server
-r-xr-xr-x  1 root  wheel  36360 Oct 27 14:46 /usr/libexec/sftp-server*
My first post shows sshd as started in debug mode, hence the related output. Changed shell to sh for bob
Code: 
$ grep bob /etc/passwd[/CMD] => bob:*:1009:0:bob:/home/bob:/bin/sh
and re-tried [file]ssh -vv[/file]. notice "csh: No such file or directory" message:
[code]Password for bob@domain.name:
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to localhost ([127.0.0.1]:22).
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: tcpwinsz: 81660 for connection: 3
debug2: tcpwinsz: 81660 for connection: 3
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 65536
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug2: tcpwinsz: 81660 for connection: 3
debug2: tcpwinsz: 81660 for connection: 3
Last login: Wed Nov  6 15:56:04 2013
debug2: tcpwinsz: 81660 for connection: 3
FreeBSD 9.2-STABLE
<MOTD>
debug2: tcpwinsz: 81660 for connection: 3
debug2: tcpwinsz: 81660 for connection: 3
[color="Red"][B]csh: No such file or directory[/B][/color]
debug2: tcpwinsz: 81660 for connection: 3
[color="Red"][B]debug2: channel 0: rcvd eof[/B][/color]
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: tcpwinsz: 81660 for connection: 3
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd close
debug2: tcpwinsz: 81660 for connection: 3
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Connection to localhost closed.
Transferred: sent 2724, received 2528 bytes, in 0.0 seconds
Bytes per second: sent 555704.5, received 515719.9
debug1: Exit status 1
 
Last edited by a moderator:
Odd, even with the shell set to sh it's still looking for csh. You might want to check the user's ~/.ssh/config and look for LocalCommand. Or perhaps it's the user's ~/.login that's causing it.
 
Here's how I solved this: After buildworld/installworld, I backed-up my /etc folder and did # make distribution. SSHD started working fine after that. I suspect the problem was related to PAM settings.

I then had to manually sort through my backed-up /etc folder to restore my preferred settings.
 
You must log in or register to reply here.
Back
Top