sshd restart error message

#1 Wed, 02/08/2012 - 21:19
bwade30

sshd restart error message

This is probably not a virtualmin/webmin issue. But I've been having this issue in ssh. I restart ssh and I get this message. I've searched all over the web for an answer and can't find anything, and maybe my fellow vmin/wmin gurus can help out:

service sshd restart

Stopping sshd: [ OK ]
cat: /proc/sys/crypto/fips_enabled: No such file or directory
/etc/init.d/sshd: line 50: [: too many arguments
Starting sshd: [ OK ]

This is a VPS openvz server with centos 6.2 64bit running latest vmin/wmin from install script.

I recently changed the ssh port and that's when I started noticing it. Not sure if it was an issue before the change or not. I tested by changing the port back to default 22 but the same error message came up after restarting. Here is line 50 of /etc/init.d/sshd:

if [ ! -s $RSA1_KEY -a `cat /proc/sys/crypto/fips_enabled` -eq 0 ]; then

There's obviously no file /proc/sys/crypto/fips_enabled for this either on the server. Maybe I just need to create one or something. I just don't know.

Let me know if anyone has ever seen this or could help out. Thanks! Ben

Wed, 02/08/2012 - 22:16
andreychek

Howdy,

Hmm, I'm looking at the CentOS 6 system I have here, and I don't see a reference to fips_enabled in the init script anywhere.

I'm curious if that's due to the SSH version being used on your OpenVZ image there, or if there's some other cause for that.

What does this command output:

rpm -qa | grep openssh

Also, can you paste in the entire "if" block that begins at line 50?

-Eric

Wed, 02/08/2012 - 23:14
bwade30

I got the openvz template from the openvz website here: http://wiki.openvz.org/Download/template/precreated

Here's the output you requested:

rpm -qa | grep openssh

openssh-5.3p1-70.el6_2.2.x86_64
openssh-server-5.3p1-70.el6_2.2.x86_64
openssh-clients-5.3p1-70.el6_2.2.x86_64

Here's line 50+:

do_rsa1_keygen() {
    if [ ! -s $RSA1_KEY -a `cat /proc/sys/crypto/fips_enabled` -eq 0 ]; then
        echo -n $"Generating SSH1 RSA host key: "
        rm -f $RSA1_KEY
        if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
            chmod 600 $RSA1_KEY
            chmod 644 $RSA1_KEY.pub
            if [ -x /sbin/restorecon ]; then
                /sbin/restorecon $RSA1_KEY.pub
            fi
            success $"RSA1 key generation"
            echo
        else
            failure $"RSA1 key generation"
            echo
            exit 1
        fi
    fi
}

Fri, 02/10/2012 - 10:11
bwade30

Eric, were you able to gather any more info from my post and output?

Fri, 02/10/2012 - 18:58
andreychek

Howdy,

Well, I haven't run into that issue before, and I'm not really sure I know what's going on by your output there.

However, you could always try commenting out that entire "do_rsa1_keygen" function just to see if you can get SSH up and running.

-Eric

Fri, 02/10/2012 - 21:53
bwade30

OK, what I did was look at other sshd files on other servers similar to this one, and I saw that none of them had that weird file lookup string on that line. So I took that whole if statement from the other sshd file and replaced it, and now sshd starts just fine with no warnings or anything.

I replaced this:

    if [ ! -s $RSA1_KEY -a `cat /proc/sys/crypto/fips_enabled` -eq 0 ]; then
        echo -n $"Generating SSH1 RSA host key: "
        rm -f $RSA1_KEY
        if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
            chmod 600 $RSA1_KEY
            chmod 644 $RSA1_KEY.pub
            if [ -x /sbin/restorecon ]; then
                /sbin/restorecon $RSA1_KEY.pub
            fi
            success $"RSA1 key generation"
            echo
        else
            failure $"RSA1 key generation"
            echo
            exit 1
        fi
    fi
}

with this

    if [ ! -s $RSA1_KEY ]; then
        echo -n $"Generating SSH1 RSA host key: "
        rm -f $RSA1_KEY
        if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
            chmod 600 $RSA1_KEY
            chmod 644 $RSA1_KEY.pub
            if [ -x /sbin/restorecon ]; then
                /sbin/restorecon $RSA1_KEY.pub
            fi
            success $"RSA1 key generation"
            echo
        else
            failure $"RSA1 key generation"
            echo
            exit 1
        fi
    fi
}

I really don't know why this line (if [ ! -s $RSA1_KEY -a `cat /proc/sys/crypto/fips_enabled` -eq 0 ]; then) was in there.
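
An added example, not part of the thread and not the distribution's init script: when cat prints nothing because /proc/sys/crypto/fips_enabled is absent, the unquoted test loses an operand and `[` reports "too many arguments". One way to keep the FIPS check while tolerating a missing file is sketched below; the function names, the FIPS_FILE variable and the temporary files in demo() are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; names and FIPS_FILE are hypothetical, not from the init script.
FIPS_FILE=${FIPS_FILE:-/proc/sys/crypto/fips_enabled}

# Print 1 if the kernel reports FIPS mode, otherwise 0.
# A missing or unreadable file (as in the container above) counts as 0,
# so the caller always receives exactly one integer.
fips_enabled() {
    if [ -r "$FIPS_FILE" ]; then
        value=$(cat "$FIPS_FILE" 2>/dev/null)
        case $value in
            1) echo 1 ;;
            *) echo 0 ;;
        esac
    else
        echo 0
    fi
}

# Return 0 (true) when an SSH1 RSA host key should be generated:
# the key file is missing or empty AND FIPS mode is off.
# Quoting keeps each operand a single word even when a value is empty.
need_rsa1_keygen() {
    key=$1
    [ ! -s "$key" ] && [ "$(fips_enabled)" -eq 0 ]
}

# Walk the three cases with constructed files: no fips_enabled file,
# FIPS off, FIPS on. Prints one decision per case.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/empty_key"          # constructed: empty host key file
    echo 0 > "$tmp/fips_off"      # constructed: kernel reports FIPS off
    echo 1 > "$tmp/fips_on"       # constructed: kernel reports FIPS on
    for f in "$tmp/absent" "$tmp/fips_off" "$tmp/fips_on"; do
        FIPS_FILE=$f
        if need_rsa1_keygen "$tmp/empty_key"; then r=generate; else r=skip; fi
        printf '%s: %s\n' "${f##*/}" "$r"
    done
    rm -rf "$tmp"
}

demo
```
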

Fri, 02/10/2012 - 22:10
andreychek

Well, Googling the error you got -- you're definitely not the only one to have this issue.

However, none of the CentOS 6 systems I looked at had that line in it either, so I'm not really sure what to make of that :-)

So SSH is starting successfully for you now? If so, that's great!

-Eric
