View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0007812||CentOS-6||openssh-server||public||2014-10-31 18:11||2014-12-14 17:32|
|Platform||x86_64 VMWare||OS||CentOS||OS Version||6.6|
|Target Version||Fixed in Version|
|Summary||0007812: rsyslog or syslog-ng while running stop ssh access to server|
|Description||After updating from 6.5 to 6.6 centos i was unable to ssh into the server or log in from the console. i first disabled selinux and was able to log into the server at the console but not remotly. I then tried running sshd with $(wich sshd) -Ddp 10222 an open port same result. I then stopped rsyslog and ssh worked as normal. I re-enabled selinux and it was still fine i then set up syslog-ng and started it, again i could not ssh into the server. i get the following while logging is on.|
"ssh_exchange_identification: Connection closed by remote host"
|Tags||No tags attached.|
We are seeing this behavior as well in our recent yum update from 6.5 to 6.6.
Downgrading from rsyslog-5.8.10-9.el6.x86_64 to the previous version rsyslog-5.8.10-8.el6.x86_64 still blocked sshd so perhaps it's openssh that's the problem? Old version was openssh-5.3p1-94.el6.x86_64, new one is openssh-5.3p1-104.el6.x86_64
As a workaround I've disabled rsyslog.
|I have discovered you can update openssh opessl the kernel and rsyslog with no issues I thought at first the issue may be sssd but the latest server i updated did not use it. I will now install one update at a time until I find the issue, as turning off system logging is not an option for us.|
The problem is with package nss-softokn-freebl-3.14.3-17.el6.x86_64
Updating from 3.14.3-12 to 3.14.3-17 caused the ssh problems listed as well as unable to su or login from console with a password. If you disable the password, you are able to login; however, the package affects the GUI panel from displaying at all. When attempting to ssh, /var/log/secure displays an error: "sshd[#####]: error: setsocket SO_KEEPALIVE: Bad file descriptor"
Turning off rsyslog is a workaround. However, I rolled back my version of nss-softokn-freebl to 3.14.3-12.el6_5.x86_64 so I could keep rsyslog enabled.
|I am very confused about this problem. I have updated multiple servers and do no know of any differences between them; however, one works fine and two have the problem listed here.|
We can confirm the issue and the workarounds above on an OpenVZ platform on clean boxes. This is effectively blocking us from using CentOS 6.6.
Shall we report it mozilla nss upstream? nss is already in the 3.17 versions though, and maybe it has been fixed (can't find anything similar in the bug reports though). I will try to allocate some time to test with a newer nss version and report back.
Frankly, I'm quite surprised how bad this bug is, as it just makes CentOS 6.6 fully unusable at this point :(
|I can confirm this problem, after investigation i found out removing the prelink package (prelink-0.4.6-3.1.el6_4) solves the problem.|
Hopefully today's nss bug fix will cure it (fingers crossed)
My misteak, this was to fix the "POODLE" issue.
I am also seeing something similar to what you see:
Thanks mgiesen, you saved my life.
I can aknowledge the bug. Removing prelink package (prelink-0.4.6-3.1.el6_4) workarounds really the issue.
This bug is rendering the whole box to be unusable.
|2014-10-31 18:11||lgilbert||New Issue|
|2014-11-03 00:38||russellsmithies||Note Added: 0021513|
|2014-11-06 21:44||lgilbert||Note Added: 0021576|
|2014-11-07 12:16||sreece84||Note Added: 0021585|
|2014-11-10 14:49||sreece84||Note Added: 0021622|
|2014-11-12 11:51||hsanjuan||Note Added: 0021642|
|2014-11-14 10:42||mgiesen||Note Added: 0021689|
|2014-12-08 03:23||russellsmithies||Note Added: 0021877|
|2014-12-08 03:25||russellsmithies||Note Added: 0021878|
|2014-12-10 20:59||yankeepride13||Note Added: 0021902|
|2014-12-14 17:32||onlineque||Note Added: 0021946|