HPE Community
Operating System - HP-UX
1753835 Members
7547 Online
108806 Solutions
New Discussion юеВ

Re: Fixing sshd after someone hosed /var

 
yaplej
Advisor

тАО08-04-2010 05:13 PM

тАО08-04-2010 05:13 PM

Fixing sshd after someone hosed /var

We had a problem where one of our vendors wiped out /var and restored from a previous backup. Turns out that the backup was from before I installed ssh.

So now when I try to connect with ssh I get "connection refused" and nothing in the syslog about the connect.

Doing some google I found /sbin/init.d/secsh start but it just tells me.

/var/empty must be owned by root and not group or world-writable.
EXIT CODE: 255

From the bits and pieces I have learned they were trying to cleanup the printers in sam and so tried to do a save/restore of the printer config to make sure its clean.

Doing the restore though apparently caused the printers list to be empty so they restored from tape to get the devices back.

Apparently breaking ssh. Grrr.

So how can I get this fixed? Running "ps -ef | grep sshd" shows me that sshd is still running.

root 19916 24414 1 18:12:22 pts/te 0:00 grep sshd

Thank you.
0 Kudos
Reply
5 REPLIES 5
yaplej
Advisor

тАО08-04-2010 06:14 PM

тАО08-04-2010 06:14 PM

Re: Fixing sshd after someone hosed /var

I just fixed the permissions on /var/empty and it was able to start correctly. Duh.
0 Kudos
Reply
Kapil Jha
Honored Contributor

тАО08-04-2010 06:28 PM

тАО08-04-2010 06:28 PM

Re: Fixing sshd after someone hosed /var

;) nice work dude....
i wish somehow u could assign 10 point to yourself.

BR,
Kapil
I am in this small bowl, I wane see the real world......
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО08-04-2010 06:43 PM

тАО08-04-2010 06:43 PM

Re: Fixing sshd after someone hosed /var

> So now when I try to connect with ssh I get
> "connection refused" and nothing in the
> syslog about the connect.

There's nothing in the log because sshd is
not running ("Connection refused"), so it
can't log anything.

> Running "ps -ef | grep sshd" shows me that
> sshd is still running.
>
> root 19916 24414 1 18:12:22 pts/te 0:00 grep sshd

That's your grep command, not the sshd
itself. What _that_ shows is that sshd is
_not_ running, which is consistent with that
"Connection refused" complaint above.
0 Kudos
Reply
yaplej
Advisor

тАО08-08-2010 07:56 PM

тАО08-08-2010 07:56 PM

Re: Fixing sshd after someone hosed /var

Ah woops didnt notice that it was finding the grep command.
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО08-08-2010 09:03 PM

тАО08-08-2010 09:03 PM

Re: Fixing sshd after someone hosed /var

> [...] didnt notice that it was finding the
> grep command.

The usual trick in this case is to use a
simple regular expression which won't match
itself. For example:

grep [s]shd

I find it to be a trick worth remembering.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.