su: cannot set user id: Resource temporarily unavailable

We got this error when we tried to SSH into a server. Upon checking the server, which was a VPS, we found no memory issues and no resources hitting their limits.

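The error was fixed when we disabled Shell Fork Bomb Protection. The message is what su reports when setuid() fails with EAGAIN, which typically means the target user has reached its process limit, the kind of per-user limit that Fork Bomb Protection imposes on shell sessions. According to cPanel: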

Fork Bomb Protection will prevent users with terminal access (ssh/telnet) from using up all the resources on the server. Unchecked resource allocation can potentially lead to a server crash.
It is recommended that this protection be enabled for servers providing terminal access.

Since no users had shell access on this server, we left it disabled.

Host key verification failed error while trying to ssh

We recently encountered an error while trying to ssh into a server.

# ssh root@72.34.54.243
Host key verification failed.

Running ssh again with -v showed the actual error.

# ssh root@72.34.54.243 -v
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 72.34.54.243 [72.34.54.243] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: read_passphrase: can't open /dev/tty: No such file or directory
Host key verification failed.

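So the issue was that the /dev/tty special file had been removed. ssh could not open it to ask for confirmation of the host key, so verification failed even though the key itself had not changed.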

Solution

mknod -m 644 /dev/tty c 5 0

This creates /dev/tty, but with mode 644 only root can use it fully. To make it usable by all users, run chmod a+rw /dev/tty.

Errors while upgrading OpenSSH

While upgrading OpenSSH, we usually encounter the following configure errors.

configure: error: *** zlib.h missing - please install first or check config.log ***
configure: error: *** OpenSSL headers missing - please install first or check config.log ***
configure: error: PAM headers not found

We can fix these by installing the following packages.

# yum install zlib-devel
# yum install openssl-devel
# yum install pam-devel

SSH: Agent Admitted Failure To Sign Using The Key Error And Solution

Recently we regenerated an SSH key pair and uploaded the new public key using the ssh-copy-id command. After that we got the following error:

$ ssh root@server3
Agent admitted failure to sign using the key.
root@server3's password:

To fix this problem, run the ssh-add command to add the RSA or DSA identities to the authentication agent. This fixes the problem without logging out of the current session:

$ ssh-add

ssh_exchange_identification: Connection closed by remote host

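We got the above error when trying to ssh to a server from a particular IP address. The server closes the connection before the SSH version exchange, which is what happens when TCP wrappers reject the client because it is listed in /etc/hosts.deny.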

Open the file /etc/hosts.deny

# vi /etc/hosts.deny

Delete the entry for your IP address. Save and close the file.

# vi /etc/hosts.allow

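Add the IP to the hosts.allow file to whitelist it. Entries in hosts.allow take precedence over hosts.deny, so whitelist only an address you trust. Save, exit, and restart ssh.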

If the IP still keeps getting listed in the deny file, do the following.

# cd /usr/share/denyhosts/data

This directory will contain the following files.

1. hosts
2. hosts-restricted
3. hosts-root
4. hosts-valid
5. users-hosts

Grep these files for the IP.

# grep -rl xx.xx.xx.xx ./

Remove the entries for the IP from these files.

Restart ssh.
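
The cleanup above as a script, added here as an example and not part of the original post. purge_ip and demo are hypothetical names, the sample file contents are constructed, and their line formats are assumptions. Unlike the plain grep above, it matches the address as a whole, so removing 203.0.113.7 leaves 203.0.113.70 alone.

```sh
#!/bin/sh
# Added example, not from the original post. IPv4 only.
# purge_ip IP FILE...  drops every line that names exactly IP from each FILE,
# keeps the old copy as FILE.bak and prints the name of each file it changed.
# Real use (as root):
#   purge_ip xx.xx.xx.xx /etc/hosts.deny /usr/share/denyhosts/data/*
purge_ip() {
    ip=$1; shift
    case $ip in
        ''|*[!0-9.]*) echo "not an IPv4 address: $ip" >&2; return 2 ;;
    esac
    # Escape the dots (regex wildcards otherwise) and require a non-address
    # character or a line edge on each side, so .7 does not also hit .70.
    pat="(^|[^0-9.])$(printf '%s' "$ip" | sed 's/\./\\./g')([^0-9.]|\$)"
    for f in "$@"; do
        [ -f "$f" ] || continue
        case $f in *.bak) continue ;; esac      # skip backups of earlier runs
        grep -Eq "$pat" "$f" || continue
        cp -p "$f" "$f.bak" || return 1
        # grep -v exits 1 when no line survives; that is not an error here.
        grep -Ev "$pat" "$f.bak" > "$f" || [ "$?" -eq 1 ] || return 1
        echo "$f"
    done
}

# Fill DIR with constructed sample files (line formats are assumptions) and
# purge 203.0.113.7 from them.
demo() {
    d=$1
    printf 'sshd: 203.0.113.7\nsshd: 203.0.113.70\n' > "$d/hosts.deny"
    printf '203.0.113.7:6:constructed\n203.0.113.71:2:constructed\n' > "$d/hosts"
    printf 'root - 203.0.113.7:3:constructed\n' > "$d/users-hosts"
    printf '203.0.113.70:1:constructed\n' > "$d/hosts-valid"
    purge_ip 203.0.113.7 "$d"/*
}

demo "$(mktemp -d)"   # prints the three files that were changed
```

If the DenyHosts daemon is running, stop it before the cleanup and start it again afterwards, otherwise it can put the entry back.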