[BlueOnyx:01461] Re: SSH Closes Connection

Richard Sidlin richard at sidlin.co.uk
Sun Jun 21 12:12:00 PET 2009

Thanks Chris. It is in a remote datacentre but it will probably mean a trip 
to go there tomorrow, it's
only about 45 mins away. Definitely the right admin password as it logs into 
the admin GUI OK. I have changed the password but that makes no difference. 
It kicks the connection out as soon as you hit enter after entering the 
password. Once I get there tomorrow, what should I look at?

As I mentioned, it's the same with telnet and SCP. Doesn't get as far as 
saying access denied or wrong password. One things that may have been an 
issue, we had a general problem with authentication last week and I followed 
the Nuonce procedure (as below). Do you think that that may have caused the 


1. Stop ALL running Processes.

      The following daemons need to be shutdown. They use system
authentication and should be properly shutdown to avoid corrupting the
password database. If you installed any application that authenticates
against the user database, please shut that down as well!

      /sbin/service crond stop
      /sbin/service admserv stop
      /sbin/service httpd stop
      /sbin/service xinetd stop
      /sbin/service dovecot stop
      /sbin/service sendmail stop
      /usr/bin/killall -9 sendmail
      /sbin/service saslauthd stop
      /sbin/service cced.init stop

      After EVERYTHING is stopped running, issue the following command.
      /sbin/service dbrecover stop
   2. MAKE Backups!!!!

      /bin/mkdir -p /SYSTEM-BACKUP
      cd /var/db/
      /bin/tar cfvpz /SYSTEM-BACKUP/var-db.tgz *
      /bin/cp /etc/passwd /SYSTEM-BACKUP/
      /bin/cp /etc/shadow /SYSTEM-BACKUP/
      /bin/cp /etc/group /SYSTEM-BACKUP/
      /bin/cp /usr/sausalito/perl/Base/User.pm /SYSTEM-BACKUP/
      /bin/cp /usr/sausalito/perl/Base/Group.pm /SYSTEM-BACKUP/
      /bin/cp /etc/pam.d/system-auth /SYSTEM-BACKUP/
      /bin/cp /etc/sysconfig/saslauthd /SYSTEM-BACKUP/saslauthd
      /bin/cp /etc/nsswitch.conf /SYSTEM-BACKUP/
   3. Lets "unconvert" the database back to flat files.

      cd /var/db
      #### Watch Line Wrap -- Next 3 lines ####

      /usr/bin/makedb -u passwd.db | /bin/grep -v "^=" | /usr/bin/perl -p -e
"s/(^\..*?) //" >> /etc/passwd

      /usr/bin/makedb -u shadow.db | /usr/bin/perl -p -e "s/(^\..*?) //" >>

      /usr/bin/makedb -u group.db | /bin/grep -v "^=" | /usr/bin/perl -p -e
"s/(^\..*?) //" >> /etc/group

   4. Clean up the old password & shadow database now

      cd /var/db
      /bin/touch passwd shadow group
      /usr/bin/makedb -o passwd.db passwd
      /usr/bin/makedb -o shadow.db shadow
      /usr/bin/makedb -o group.db group
      /bin/rm -f passwd shadow group
   5. Verify they are indeed blank to avoid any issues.

      cd /var/db
      /usr/bin/makedb -u passwd.db
      /usr/bin/makedb -u shadow.db
      /usr/bin/makedb -u group.db
   6. Make a change to the BlueQuartz backend so that it uses /etc/passwd &
/etc/shadow instead

      cd /usr/sausalito/perl/Base/
      /usr/bin/pico User.pm

      Search for:
      sub useradd

      Two lines below that, replace:
      return _internal_useradd([PWDB_UNIXDB, PWDB_SHADOWDB], @_);
      return _internal_useradd([PWDB_UNIX, PWDB_SHADOW], @_);

      Save the file, and exit it.
   7. Make a change to the BlueQuartz backend so that it uses /etc/group

      cd /usr/sausalito/perl/Base/
      /usr/bin/pico Group.pm

      Search for:
      sub groupadd

      Two lines below that, replace:
      return _internal_groupadd([PWDB_UNIXDB, PWDB_SHADOWDB], @_);
      return _internal_groupadd([PWDB_UNIX, PWDB_SHADOW], @_);

      Save the file, and exit it.
   8. Change nsswitch.conf so it won't look at the old database

      /usr/bin/perl -pi -e "s#db files#files#" /etc/nsswitch.conf
   9. Change saslauthd so it won't look at the old database

      /usr/bin/perl -pi -e "s#^MECH=pam#MECH=shadow#"
  10. Rebuild PAM's system-auth configuration

      cd /etc/pam.d/
      /bin/mv system-auth system-auth.backup
      /usr/bin/wget http://www.nuonce.net/bq/system-auth.txt
      /bin/mv system-auth.txt system-auth
  11. Start the processes back up.

      /sbin/service dbrecover start
      /sbin/service xinetd start
      /sbin/service dovecot start
      /sbin/service saslauthd start
      /sbin/service sendmail start
      /sbin/service cced.init start
      /sbin/service admserv start
      /sbin/service httpd start
      /sbin/service crond start
  12. Now that all services should be running again, go ahead and test

      Everything should work with out any issues.

From: "Chris Gebhardt - VIRTBIZ Internet" <cobaltfacts at virtbiz.com>
To: "BlueOnyx General Mailing List" <blueonyx at blueonyx.it>
Sent: Sunday, June 21, 2009 4:11 PM
Subject: [BlueOnyx:01460] Re: SSH Closes Connection

> Richard Sidlin wrote:
>> Hi
>> When I connect to my server via SSH, it asks for the login as: and when
>> I type in the password, I get Server unexpectedly closed network
>> connect. Actaully, this is a Blue Quartz box. I have never had a problem
>> with this before. I have used two different usernames and both do the
>> same and I have tried accessing it from different machines and still the
>> same.
>> Access to the admin GUI is fine. I have rebooted the server but this
>> made no difference.
> You are certain that you are using the correct usr/pwd combo?
> Here is what I would try on the chance that somebody has run passwd from
> the CLI:
> 1) Log into GUI as admin and go to Personal Profile, Account and set a
> new password.
> 2) Log into CLI as admin using the password you jus set from the GUI.
> That should let you in.
> 3) See if you can su - to root now using the same password.
> That ought to work.   If it doesn't, I suppose you could always reboot
> the box into single user mode and reset the password that way.  If the
> box is in a remote datacenter you can have the datacenter staff help you
> with it or if they're like us, they can provide you with an IP-KVM so
> that you can reboot the box and watch it go through POST and GRUB so you
> can have virtual console access to it.
> HTH,
> -- 
> Chris Gebhardt
> VIRTBIZ Internet Services
> Access, Web Hosting, Colocation, Dedicated
> www.virtbiz.com | toll-free (866) 4 VIRTBIZ
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
> -- 
> This message has been scanned for viruses and
> dangerous content by the Help Internet
> MailScanner, and is believed to be clean.

More information about the Blueonyx mailing list