Re: Fixing sshd after someone hosed /var (248 Views)
Reply
Advisor
yaplej
Posts: 35
Registered: ‎11-07-2005
Message 1 of 6 (248 Views)

Fixing sshd after someone hosed /var

We had a problem where one of our vendors wiped out /var and restored from a previous backup. Turns out that the backup was from before I installed ssh.

So now when I try to connect with ssh I get "connection refused" and nothing in the syslog about the connect.

Doing some google I found /sbin/init.d/secsh start but it just tells me.

/var/empty must be owned by root and not group or world-writable.
EXIT CODE: 255

From the bits and pieces I have learned they were trying to cleanup the printers in sam and so tried to do a save/restore of the printer config to make sure its clean.

Doing the restore though apparently caused the printers list to be empty so they restored from tape to get the devices back.

Apparently breaking ssh. Grrr.

So how can I get this fixed? Running "ps -ef | grep sshd" shows me that sshd is still running.

root 19916 24414 1 18:12:22 pts/te 0:00 grep sshd

Thank you.
Advisor
yaplej
Posts: 35
Registered: ‎11-07-2005
Message 2 of 6 (248 Views)

Re: Fixing sshd after someone hosed /var

I just fixed the permissions on /var/empty and it was able to start correctly. Duh.
Honored Contributor
Kapil Jha
Posts: 1,478
Registered: ‎01-23-2006
Message 3 of 6 (248 Views)

Re: Fixing sshd after someone hosed /var

;) nice work dude....
i wish somehow u could assign 10 point to yourself.

BR,
Kapil
I am in this small bowl, I wane see the real world......
Honored Contributor
Steven Schweda
Posts: 9,096
Registered: ‎02-23-2005
Message 4 of 6 (248 Views)

Re: Fixing sshd after someone hosed /var

> So now when I try to connect with ssh I get
> "connection refused" and nothing in the
> syslog about the connect.

There's nothing in the log because sshd is
not running ("Connection refused"), so it
can't log anything.

> Running "ps -ef | grep sshd" shows me that
> sshd is still running.
>
> root 19916 24414 1 18:12:22 pts/te 0:00 grep sshd

That's your grep command, not the sshd
itself. What _that_ shows is that sshd is
_not_ running, which is consistent with that
"Connection refused" complaint above.
Advisor
yaplej
Posts: 35
Registered: ‎11-07-2005
Message 5 of 6 (248 Views)

Re: Fixing sshd after someone hosed /var

Ah woops didnt notice that it was finding the grep command.
Honored Contributor
Steven Schweda
Posts: 9,096
Registered: ‎02-23-2005
Message 6 of 6 (248 Views)

Re: Fixing sshd after someone hosed /var

> [...] didnt notice that it was finding the
> grep command.

The usual trick in this case is to use a
simple regular expression which won't match
itself. For example:

grep [s]shd

I find it to be a trick worth remembering.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.