What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Entware OpenSSH is getting killed by... something.

unsynaps

Senior Member
Best I can tell I have OpenSSH installed properly. Using the same ansible scriptsI used before to get it installed and working.

But for some reason now the sshd process is killed seconds after launching. No errors in even the debug logs for sshd. Even running it via /opt/sbin/sshd -D it just says "killed" after a second or two.

At a loss as to why this is happening.

Oh yes and I know about the bug in /opt/etc/ssh/sshd_config. Fixed that after some hair pulling. Issue still persists.
 
You can install strace from Entware and run strace /opt/sbin/sshd -D and see what system calls appear before being killed.
 
It's possibly killed by Asus' security daemon. A number of malware disguise themselves as the sshd process.
 
It's possibly killed by Asus' security daemon. A number of malware disguise themselves as the sshd process.
For the love of... I think this is it. Renamed /opt/sbin/sshd to <face+keyboard> and it doesn't get killed.

This must be something "new" as I never had this issue in the past.

Is there a more "elegant" way of dealing with this?
 
Ahh looks like I am going to have to add some sed tasks to my playbooks modifying the init.d scrips and such.

Ahh well. Thanks for the info RMerlin.

 
Best I can tell I have OpenSSH installed properly. Using the same ansible scriptsI used before to get it installed and working.

But for some reason now the sshd process is killed seconds after launching. No errors in even the debug logs for sshd. Even running it via /opt/sbin/sshd -D it just says "killed" after a second or two.

At a loss as to why this is happening.

Oh yes and I know about the bug in /opt/etc/ssh/sshd_config. Fixed that after some hair pulling. Issue still persists.

It's possibly killed by Asus' security daemon. A number of malware disguise themselves as the sshd process.

FYI,

I haven't had any problems at all running the OpenSSH server on my RT-AC86U with the latest 3004.386.14.2 F/W version. I have the latest OpenSSH server package from Entware. Perhaps the ASD behavior is different on the 3004.388.8.4 versions.

BTW, I do have a watchdog for the OpenSSH server (via a cron job) and, so far, it has not logged any events indicating that it had to restart the "sshd" process because it was not found.

OpenSSH_OK_3004.386.14.2_FW.jpg


Just a data point.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Back
Top