sshd not starting on bootup



fishter
14th December 2007, 01:07 PM
My sshd does not start correctly on boot-up.

I have checked that it is set to start with /sbin/chkconfig sshd on.

If I start it on the command line with sudo /usr/sbin/sshd -dD (the -dD means don't daemonise and give debug log messages), I get told it cannot bind to :: or 0.0.0.0 on the port I specified (not the default). This was never a problem on FC6.

How do I find out what other service is binding to the port that I want to use?

mattywix
14th December 2007, 07:30 PM
What runlevel do you want it to start in? What runlevel are you in? Type /sbin/runlevel to find out.
E.g. to have it run for levels 3, 4 and 5:
/sbin/chkconfig --level 345 sshd on

The better way to switch it on and off:
/sbin/service sshd stop
/sbin/service sshd start

mattywix
14th December 2007, 07:31 PM
To see if anything is using its port :
/sbin/lsof i:22

Seve
14th December 2007, 07:32 PM
Hello:
See if this applies to you :
Cannot start ssh: Service will not start after installation of the x86_64 version (https://fedoraproject.org/wiki/Bugs/F8Common#head-70c69310e6476a53cfbcb944b1de4f898f16cbb4)

Seve

mattywix
14th December 2007, 08:03 PM
and sorry that lsof should be lsof -i:22, which tests who is using port 22

fishter
14th December 2007, 08:16 PM
> See if this applies to you :
> Cannot start ssh: Service will not start after installation of the x86_64 version (https://fedoraproject.org/wiki/Bugs/F8Common#head-70c69310e6476a53cfbcb944b1de4f898f16cbb4)

I don't have selinux enabled, so this isn't the bug.

Thanks for looking though.

fishter
14th December 2007, 08:19 PM
> and sorry that lsof should be lsof -i:22, which tests who is using port 22

I'll give that a go when I next get a chance to reboot. The system is a media centre, so I have to fit in the maintenance around the TV schedule!
Thanks

fishter
14th December 2007, 08:21 PM
> what runlevel do you want it to start in? What runlevel are you in? type /sbin/runlevel to find out.
> Eg to have it run for levels 3,4 and 5:
> Then /sbin/chkconfig --level 345 sshd on

/sbin/chkconfig --list sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

> The better way to switch it on and off:
> /sbin/service sshd stop
> /sbin/service sshd start

Doesn't that just do the same as /etc/init.d/sshd <start|stop>?

mattywix
15th December 2007, 02:55 PM
Let's go back a step....
What happens if you start the service using /sbin/service.... or /etc/init.d/ssh.... from the command line? How did you know it wasn't starting using these, which are the way the system starts it (as opposed to your stand-alone command directly starting it)?

fishter
15th December 2007, 03:17 PM
> Let's go back a step....
> What happens if you start the service using /sbin/service.... or /etc/init.d/ssh.... from the command line? How did you know it wasn't starting using these, which are the way the system starts it (as opposed to your stand-alone command directly starting it)?

The sshd service isn't starting at boot up. I know this because:
1. I can't log in remotely.
2. Locally ps aux | grep ssh returns nothing except the entry with grep.

If I start sshd either from the command line using /usr/sbin/sshd, /etc/init.d/sshd start or /sbin/service sshd start then it works.

I'll try some more diagnostics later this weekend; the machine is currently in use and I can't reboot it to diagnose any further.

mattywix
15th December 2007, 04:16 PM
OK, point 2 tells us it's not running. Point 1 doesn't mean much because we don't know what your iptables settings are for this system nor for the client system. You still haven't said what runlevel you boot into - have a look in /etc/inittab.

fishter
15th December 2007, 04:43 PM
> OK, point 2 tells us it's not running. Point 1 doesn't mean much because we don't know what your iptables settings are for this system nor for the client system. You still haven't said what runlevel you boot into - have a look in /etc/inittab.

/etc/inittab has the following entry, and others of course.

id:5:initdefault:


iptables:

[gee@myth ~]$ sudo /sbin/iptables --list
Password:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

mattywix
18th December 2007, 12:42 PM
ok, so you're booting into level 5.
now check that chkconfig has created the link for sshd into that runlevel so it'll be run ...
ls -l /etc/rc.d/rc5.d | grep ssh
lrwxrwxrwx 1 root root 14 2007-11-30 15:59 S55sshd -> ../init.d/sshd

fishter
18th December 2007, 01:00 PM
/sbin/chkconfig --list sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

and


ls -l /etc/rc.d/rc5.d/ | grep sshd
lrwxrwxrwx 1 root root 14 2007-12-11 23:31 S55sshd -> ../init.d/sshd

mattywix
18th December 2007, 03:53 PM
So it's all there.
Can you ssh localhost ?
what do you get if you run the following as root?
/usr/sbin/lsof -i:22
should be:
sshd 2154 root 3u IPv6 8302 TCP *:ssh (LISTEN)

bogwire
18th December 2007, 04:42 PM
Hi,

I have a similar problem on F8, which I've posted into the Servers section as thread SSH connection only possible after someone has logged in directly (http://forums.fedoraforum.org/showthread.php?p=925117). Thus, sshd does start automatically, but only once a user is logged in. This is of course not sufficient if you only or mainly want to connect remotely via ssh. The system also boots into runlevel 5:
[root@localhost ~]# chkconfig --list sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

[root@localhost ~]# runlevel
N 5

[root@localhost ~]# ls -l /etc/rc.d/rc5.d | grep S
lrwxrwxrwx 1 root root 15 2007-12-09 23:43 S05kudzu -> ../init.d/kudzu
lrwxrwxrwx 1 root root 18 2007-12-09 23:39 S06cpuspeed -> ../init.d/cpuspeed
lrwxrwxrwx 1 root root 19 2007-12-10 01:29 S08ip6tables -> ../init.d/ip6tables
lrwxrwxrwx 1 root root 18 2007-12-10 01:28 S08iptables -> ../init.d/iptables
lrwxrwxrwx 1 root root 14 2007-12-09 23:54 S09isdn -> ../init.d/isdn
lrwxrwxrwx 1 root root 17 2007-12-09 23:43 S10network -> ../init.d/network
lrwxrwxrwx 1 root root 16 2007-12-09 23:35 S11auditd -> ../init.d/auditd
lrwxrwxrwx 1 root root 21 2007-12-09 23:45 S12restorecond -> ../init.d/restorecond
lrwxrwxrwx 1 root root 20 2007-12-10 01:45 S13irqbalance -> ../init.d/irqbalance
lrwxrwxrwx 1 root root 17 2007-12-09 23:35 S13rpcbind -> ../init.d/rpcbind
lrwxrwxrwx 1 root root 17 2007-12-09 23:54 S14nfslock -> ../init.d/nfslock
lrwxrwxrwx 1 root root 19 2007-12-09 23:52 S15mdmonitor -> ../init.d/mdmonitor
lrwxrwxrwx 1 root root 19 2007-12-09 23:54 S18rpcidmapd -> ../init.d/rpcidmapd
lrwxrwxrwx 1 root root 17 2007-12-09 23:54 S19rpcgssd -> ../init.d/rpcgssd
lrwxrwxrwx 1 root root 15 2007-12-09 23:43 S25netfs -> ../init.d/netfs
lrwxrwxrwx 1 root root 15 2007-12-09 23:59 S25pcscd -> ../init.d/pcscd
lrwxrwxrwx 1 root root 17 2007-12-10 02:09 S26rsyslog -> ../init.d/rsyslog
lrwxrwxrwx 1 root root 19 2007-12-09 23:43 S26udev-post -> ../init.d/udev-post
lrwxrwxrwx 1 root root 20 2007-12-10 02:09 S27messagebus -> ../init.d/messagebus
lrwxrwxrwx 1 root root 24 2007-12-10 02:09 S27setroubleshoot -> ../init.d/setroubleshoot
lrwxrwxrwx 1 root root 16 2007-12-09 23:39 S28autofs -> ../init.d/autofs
lrwxrwxrwx 1 root root 19 2007-12-10 02:09 S50bluetooth -> ../init.d/bluetooth
lrwxrwxrwx 1 root root 17 2007-12-10 02:09 S50iprinit -> ../init.d/iprinit
lrwxrwxrwx 1 root root 19 2007-12-10 02:09 S50iprupdate -> ../init.d/iprupdate
lrwxrwxrwx 1 root root 17 2007-12-10 02:09 S51iprdump -> ../init.d/iprdump
lrwxrwxrwx 1 root root 14 2007-12-09 23:54 S55sshd -> ../init.d/sshd
lrwxrwxrwx 1 root root 18 2007-12-10 02:09 S80sendmail -> ../init.d/sendmail
lrwxrwxrwx 1 root root 20 2007-12-09 23:43 S90ConsoleKit -> ../init.d/ConsoleKit
lrwxrwxrwx 1 root root 15 2007-12-09 23:39 S90crond -> ../init.d/crond
lrwxrwxrwx 1 root root 13 2007-12-09 23:39 S95atd -> ../init.d/atd
lrwxrwxrwx 1 root root 22 2007-12-09 23:43 S96avahi-daemon -> ../init.d/avahi-daemon
lrwxrwxrwx 1 root root 22 2007-12-09 23:56 S97yum-updatesd -> ../init.d/yum-updatesd
lrwxrwxrwx 1 root root 14 2007-12-09 23:52 S98cups -> ../init.d/cups
lrwxrwxrwx 1 root root 19 2007-12-09 23:58 S98haldaemon -> ../init.d/haldaemon
lrwxrwxrwx 1 root root 24 2007-12-11 00:48 S98NetworkManager -> ../init.d/NetworkManager
lrwxrwxrwx 1 root root 34 2007-12-11 00:49 S98NetworkManagerDispatcher -> ../init.d/NetworkManagerDispatcher
lrwxrwxrwx 1 root root 17 2007-12-09 23:54 S99anacron -> ../init.d/anacron
lrwxrwxrwx 1 root root 19 2007-12-09 23:51 S99firstboot -> ../init.d/firstboot
lrwxrwxrwx 1 root root 11 2007-12-09 23:43 S99local -> ../rc.local

mbiggerstaff
20th December 2007, 10:54 AM
Greetings.

My Fedora 8 server has the same problems. A few details I noticed:

Unless someone has logged on my server, I see:

Cron jobs don't fire
sshd won't respond
requests to send mail aren't processed (probably blocked by cron not working)
Doesn't seem to be any network activity at all


After someone logs in, everything runs as expected.

Other details: I used YUM to upgrade from Fedora 7 to Fedora 8. So, I didn't do a clean install. Other than a recursive dependency problem during installation with YUM and a selinux policy problem with sshd (customized port settings) after installation, I didn't have any other problems performing the update.

I have checked the chkconfig and I don't see an obvious problem (limited experience with chkconfig so I might be staring right at it). I do see that sshd, sendmail, network, and most other services are set up to start at run Level 2. However, I'm not sure about the NetworkManager starting at Level 3 and the NetworkManagerDispatcher not running at all.

See chkconfig results:



ConsoleKit 0:off 1:off 2:off 3:on 4:on 5:on 6:off
NetworkManager 0:off 1:off 2:off 3:on 4:on 5:on 6:off
NetworkManagerDispatcher 0:off 1:off 2:off 3:off 4:off 5:off 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
bluetooth 0:off 1:off 2:on 3:on 4:on 5:on 6:off
capi 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:off 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:off 6:off
dc_client 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dc_server 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dnsmasq 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dund 0:off 1:off 2:off 3:off 4:off 5:off 6:off
fedora-live-kde 0:off 1:off 2:off 3:on 4:on 5:on 6:off
firstboot 0:off 1:off 2:off 3:on 4:off 5:off 6:off
gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irda 0:off 1:off 2:off 3:off 4:off 5:off 6:off
irqbalance 0:off 1:off 2:on 3:on 4:on 5:on 6:off
isdn 0:off 1:off 2:on 3:on 4:on 5:off 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
libvirtd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
lm_sensors 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mcstrans 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:off 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
microcode_ctl 0:off 1:off 2:on 3:on 4:on 5:on 6:off
multipathd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nasd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:off 4:off 5:off 6:off
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nmb 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nscd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ntpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
pand 0:off 1:off 2:off 3:off 4:off 5:off 6:off
pcscd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
qemu 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off
readahead_early 0:off 1:off 2:on 3:on 4:on 5:on 6:off
readahead_later 0:off 1:off 2:off 3:off 4:off 5:on 6:off
restorecond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rpcbind 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcsvcgssd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off
smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smb 0:off 1:off 2:off 3:off 4:off 5:on 6:off
smolt 0:off 1:off 2:on 3:on 4:on 5:on 6:off
squid 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:off 4:off 5:on 6:off
tux 0:off 1:off 2:off 3:off 4:off 5:off 6:off
udev-post 0:off 1:off 2:off 3:on 4:on 5:on 6:off
vncserver 0:off 1:off 2:off 3:off 4:off 5:on 6:off
vsftpd 0:off 1:off 2:off 3:off 4:off 5:on 6:off
winbind 0:off 1:off 2:off 3:off 4:off 5:on 6:off
wpa_supplicant 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xend 0:off 1:off 2:off 3:on 4:on 5:on 6:off
xendomains 0:off 1:off 2:off 3:on 4:on 5:on 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yum-updatesd 0:off 1:off 2:off 3:on 4:on 5:on 6:off

xinetd based services:
chargen-dgram: off
chargen-stream: off
daytime-dgram: off
daytime-stream: off
discard-dgram: off
discard-stream: off
echo-dgram: off
echo-stream: off
rsync: on
tcpmux-server: off
time-dgram: off
time-stream: off



Under Fedora 7, I didn't have these problems. After the YUM upgrade and with the same configuration, I have these problems with Fedora 8.

I'm hoping for a solution soon - my server is currently on the other side of the planet and it's a bit hard to get "someone to log in" at the console after every reboot (i.e. I am delaying security updates which require reboots until this is fixed).

Regards,
Mike

bogwire
23rd December 2007, 03:23 PM
I have dropped Fedora 8 and gone back to version 7 - no problems there. That seems to be the only solution for now. Anybody who wants to use Fedora as a server system should currently NOT consider using Fedora 8 at all. It's just too buggy, unfortunately.

mattywix
27th December 2007, 01:31 PM
There is nothing wrong with Fedora 8 as a server. sshd works perfectly on mine. We should continue to work methodically through this problem. It is down to something unique about your system.
Perhaps the network interfaces are not started at the time your sshd starts - could be the order of your services is wrong. Do you have a LAN interface or is it wireless only on your system?
Try putting a line "/sbin/ifconfig -a > /tmp/outfile" into your init.d/sshd and restart your system and see what you get in /tmp/outfile. Don't telinit 5 - rather restart just to be sure we get the same result as at startup.

bogwire
29th December 2007, 03:06 PM
I have reinstalled a fresh Fedora 8 and recognized that the sshd-without-login problem is not present on a default system, it also works fine after applying all official updates.

Per default, the NetworkManager does not autostart on boot. If you set it to do so (chkconfig NetworkManager on), beginning at the next reboot, the sshd-without-login problem is there. So, maybe the problem is caused by the priority NetworkManager will be started at (98)?
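
The start-order question raised in this post can be checked directly from the rc5.d links. The script below is an added example, not part of the thread: the function names are made up for illustration, and the sample directory is constructed from three link names that appear in the rc5.d listing earlier in the thread.

```shell
#!/bin/sh
# Added example: compare SysV start priorities inside an rcN.d directory.

# Print the start priority of SERVICE in DIR, taken from its SNNservice link.
# Returns 1 when the service has no start link in that runlevel.
start_prio() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        [ -L "$link" ] || continue      # an unmatched glob stays literal
        prio=${link##*/S}               # e.g. "55sshd"
        echo "${prio%"$2"}"             # e.g. "55"
        return 0
    done
    return 1
}

# Print each interface-configuring service that starts after sshd in DIR.
# Exit status: 0 none start later, 1 at least one does, 2 sshd has no start link.
late_providers() {
    sshd_prio=$(start_prio "$1" sshd) || return 2
    rc=0
    for svc in network NetworkManager; do
        p=$(start_prio "$1" "$svc") || continue
        if [ "$p" -gt "$sshd_prio" ]; then
            echo "$svc"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: an rc5.d holding three links named as in the thread's listing.
make_sample_rc5() {
    d=$(mktemp -d) || return 1
    for name in S10network S55sshd S98NetworkManager; do
        ln -s "../init.d/${name#S[0-9][0-9]}" "$d/$name"
    done
    echo "$d"
}

# Demo on the sample; on a SysV-init system pass /etc/rc.d/rc5.d instead.
sample=$(make_sample_rc5)
echo "sshd starts at S$(start_prio "$sample" sshd)"
late_providers "$sample" || echo "(listed services start after sshd)"
rm -rf "$sample"
```

A non-empty result only shows that sshd is launched before that service; whether sshd then fails to bind depends on which addresses it is configured to listen on.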

mattywix
11th January 2008, 04:54 PM
bogwire, you've nailed it! Maybe you should tell the fedora people so they can fix their rpm's to get the order right?

mbiggerstaff
16th January 2008, 11:36 AM
So Bogwire has identified the problem with the NetworkManager not auto-loading at boot and thus blocking sshd (and other things) from running without a console log in.

How is this fixed? What CLI tool is used and what should the priority be set to for NetworkManager?

Curious, Frustrated and non-rebooting-until-fixed,
Mike

mattywix
16th January 2008, 01:14 PM
Don't use NetworkManager then. Who needs it anyway!

mbiggerstaff
17th January 2008, 11:35 AM
All,

Does anyone else have some more informative assistance about NetworkManager? Perhaps someone from the Fedora team could lend some valuable expertise?

Mike