Wednesday, November 14, 2012

debugging solaris 10 ssh daemon

on solaris 10 i had a problem. it bugged me off and on for like a week.

it was like this:

ldap user on a solaris 10 box with a pubkey or without a pubkey was unable to ssh to other systems, be they solaris or otherwise. this was the case for all zillion solaris 10 sparc and x86 systems i have. not so for solaris 9. and nope for solaris 11.

first i thought there was something amiss with the user's ssh directory. maybe it was the perms on the mount. hell. maybe it was an issue then with the ldap record. the ssh daemons? time to debug...
localhost # /usr/lib/ssh/sshd -p 2222 -Dddd
localhost ~ ssh -vvv -l notme -p 2222 localhost
little did i know, it was not a problem with:
/etc/pam.conf
login auth sufficient         pam_ldap.so.1
nor an issue with:
/etc/ssh/ssh_conf
Host *
   StrictHostKeyChecking no
   UserKnownHostsFile=/dev/null
or even:
/etc/ssh/sshd_conf
#ListenAddress 0.0.0.0
#ListenAddress ::
no no.

it was the existence of this wickedness:
localhost notme ~ .sunw
i don't care what that directory holds, it makes my systems puke:
localhost # cp -r /notme/.sunw /notme/.sunw.crap
localhost # rm -rf /notme/.sunw ; mkdir /notme/.sunw
localhost # chmod ugo-rwx /notme/.sunw
localhost # la -al /notme/ |grep .sunw*
drwxrwxr-x   5 notme    notme          4096 Nov 13 13:31 .sunw.crap
d---------   2 notme    notme          4096 Nov 13 13:31 .sunw
Post a Comment