Cannot start SSH Server

Hi I am on a Rackspace server with

Operating system Debian Linux 5.0 Webmin version 1.610 Virtualmin version 3.98.gpl GPL

Today there was a problem with another user disk swapping so I had to reboot when I came back from the reboot I could not SSH in using PUTTY.

I cannot SFTP or use Navicat to connect to my DB's.

I can use Rackspaces rubbish online console but I want to be able to SSH and FTP files up.

In WebMin the Firewall says port 22 is open but in VMIN it also says my SSH Server is not running.

When I try and hit the green play button I get this back.

Failed to start service : sh: /tmp/sh: No such file or directory

I don't know why this has happened.

I cannot use the File Manager to check the directory as it keeps saying I need to run Java, I download Java and install it but the page keeps saying the same message. Refresh doesn't solve it.

I am on Windows 8.1 at home and Windows 7 at work.

I need to find out what is going on ASAP and I don't know why SSH has suddenly stopped.

Someone said install SSH2 from the list of 3rd party modules but I don't know how to get it running. I am a Windows person unfortunately so I running lots of VI commands just frustrates me to bits.

What can I do to get SSH running again? And why has it stopped like this?

Thanks

Rob

Status: 
Active

Comments

Hi

I seem to have fixed it - I don't actually know how but it is working.

I had to

-allow Java access to my host as it kept saying "security settings have blocked this app" -I added a blank file in /tmp/sh (whether that did anything I have no idea) just wanted to see if a different error came up -I installed the 3rd party package SSH2 -That didn't work on it's own so I renamed the config file to /etc/ssh/ssh_config_old -I then re-installed SSH from the the package manager -I now have SSH, SSH and SSH2 as menu otions, first shows an error, 2nd shows an applet like black screen saying I am connected and SSH2 shows a different applet -I clicked on the SSH server link (not the start button) this got me into a page that said SSH was running. -After some refreshes the page now shows that SSH server is running -I can now SFTP and SSH in with Putty.

I did see some stuff that seemed like exploits related to the error I was getting "sh: /tmp/sh: No such file or directory"

Here are some links (Russian) http://seclists.org/fulldisclosure/2006/Jul/305 http://www.linux.org.ru/news/kernel/1487942

So I don't know if the server was comprimised during the reboot somehow??

But it all started AFTER a reboot on a VS due to someone else's disk swapping.

Any clues or ideas for fixing anything i did wrong let me know.

Thanks

Howdy -- if you're able to login as root via the Rackspace console, you can start the SSH service by running this command:

/etc/init.d/ssh restart

It sounds like you were able to get that working though.

While I'm not sure if you're seeing a security issue there -- Debian 5 did reach it's end of life two and a half years ago. It hasn't received any security updates since then.

Especially with the recent Bash vulnerability, your server is at risk to an intrusion.

Since you're using Virtualmin GPL there though, if you had any followup questions, you would want to ask those in the forums, which you can access using the "Forums" link above. We monitor the forums, along with lots of wonderful folks in the community.

Thanks!

Hi

Yes I know it has come to the end of it's life but I just don't have the time to find a new hosting company (Rackspace well expensive for what I use, 2GB RAM + Bandwidth), especially seeing I put it all behind Cloudflare and would have though that would have saved me bandwidth but it has just gone up and up despite me banning whole county IP ranges like Russia, China, Israel and Brazil - countries that cannot purchase my product and have the most hack attempts etc.

Also I need to obviously stage the downtime (with paying customers) and move over at a time convenient to me, work + extra out of hours job - hard to find the time but it is on my plans to do.

By the way I did try those commands from Rackspaces own web console (which is shite to use) e.g

/etc/init.d/ssh restart /etc/init.d/sshd restart service ssh restart service sshd restart

But these all returned errors (I haven't got them to hand) but I was doing this whilst on a live chat to Rackspace/

What I want to know (and I am not a server maintenance guy - just a web dev) is -why this all happened during a SOFT reboot from Rackspace -why my Firewall said port 22 was open but SSH Service was not running -why when trying to start the service I got the error "sh: /tmp/sh: No such file or directory" as if something had been deleted or removed. Is there supposed to be a file or directory at that location and what is supposed to be there as even after re-installing these 2 packages I don't have anything in that directory?

In fact after re-logging in I don't even have that empty text file I created called /sh so what has happened to it?

I ban over 60% of my traffic anyhow have some hard .htacess rules (blank user-agents, no CURL, WGET, Java-Lib and other default agents when people don't set one, or any under 10 chars long (jibberish) etc) and a long list of BOTS and social media bandwidth rapists that just steal content and cost me money.

So I'd like to know what happened - in fact doing another reboot just now has stopped the SSH Server again!

You can see me trying to execute the commands here

/etc/init.d/ssh restart sh: /tmp/sh: No such file or directory /etc/init.d/sshd restart bash: /etc/init.d/sshd: No such file or directory service ssh restart bash: service: command not found service sshd restart bash: service: command not found

and re-starting the server gives me

Failed to start SSH server : sh: /tmp/sh: No such file or directory

Nothing in the error log gives me any clues whatsoever

Only by re-creating an empty file in that location /tmp/sh e.g a blank text file called sh gets me going again!

Whilst that file isn't there no SSH server (new or old version) works.

Once I have created an empty file there it works.

So why does a reboot cause this file to disappear and why does creating a blank file get both SFTP, Putty and SSH tunnel AND the SSH server running again?

Thanks

Rob

Since you aren't seeing a Virtualmin bug, and you're using Virtualmin GPL, you're going to want to use the Forums to obtain support. You can access those using the "Forums" link above.

However, I'll offer that there's no "normal" reason why you would experience those problems during a server reboot. A reboot is typically a very safe operation.

The symptoms you've described indicate a problem of some kind, possibly a serious problem, with your operating system.

Using a server that's reached it's end of life is at a high risk of problems and complications, and it's possible that you've run into one (even if it's using Cloudflare).

If you're not comfortable with Linux server administration, you may need to get a Linux server administrator to take a peek at your server to diagnose what's going on.

You could always start by posting a message into the Forums, and see if anyone else has received that particular error before.