From: Gary Mills <gary_mills@fastmail.fm>
To: illumos-developer <developer@lists.illumos.org>
Subject: [developer] Sshd fails on OS upgrade
Date: Tue, 5 Nov 2024 13:30:23 -0600 [thread overview]
Message-ID: <ZypyTyE9lA7vWhGH@imap.fastmail.com> (raw)
Yesterday, I upgraded one of my systems from hipster-20230813 to
hipster-20241104. (The number is the ISO date with dashes removed).
On reboot, everything was successful, except the console said:
SUNW-MSG-ID: SMF-8000-YX, TYPE: defect, VER: 1, SEVERITY: major
EVENT-TIME: Mon Nov 4 16:55:50 CST 2024
PLATFORM: S5510, CSN: empty, HOSTNAME: tyan
SOURCE: software-diagnosis, REV: 0.1
EVENT-ID: 26a5e479-0755-47d0-837d-4a0fbb3f6e99
DESC: A service failed - a start, stop or refresh method failed.
Refer to http://illumos.org/msg/SMF-8000-YX for more information.
AUTO-RESPONSE: The service has been placed into the maintenance state.
IMPACT: svc:/network/ssh:default is unavailable.
REC-ACTION: Run 'svcs -xv svc:/network/ssh:default' to determine the generic
+reason why the service failed, the location of any logfiles, and a list of
+other services impacted.
The server log said:
[ Nov 4 16:55:49 Executing start method ("/lib/svc/method/sshd start"). ]
/etc/ssh/sshd_config line 85: Deprecated option ServerKeyBits
/etc/ssh/sshd_config line 90: Deprecated option KeyRegenerationInterval
/etc/ssh/sshd_config: line 103: Bad configuration option: MaxAuthTriesLog
/etc/ssh/sshd_config line 132: Deprecated option RhostsAuthentication
/etc/ssh/sshd_config line 138: Deprecated option RhostsRSAAuthentication
/etc/ssh/sshd_config line 145: Deprecated option RSAAuthentication
/etc/ssh/sshd_config: terminating, 1 bad configuration options
[ Nov 4 16:55:49 Method "start" exited with status 95. ]
The configuration file was /etc/ssh/sshd_config . When I edited that
file to comment out all the Deprecated or Bad options, the service ran
with no fatal errors. I don't know where that file came from, but it
dates from 2017, and often mentions Oracle and Solaris. Perhaps it
came with an earlier version of the ssh package. The options
mentioned all were in the version 1 section.
In any case, the ssh package should include a working configuration
file, for ssh dummies like me. That way, the service would run
without all those errors. I don't even use ssh on that system.
--
-Gary Mills- -refurb- -Winnipeg, Manitoba, Canada-
------------------------------------------
illumos: illumos-developer
Permalink: https://illumos.topicbox.com/groups/developer/Tb0111d8c22b37938-M21e2c46d29da722aba7fb8e6
Delivery options: https://illumos.topicbox.com/groups/developer/subscription
next reply other threads:[~2024-11-05 19:32 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-05 19:30 Gary Mills [this message]
2024-11-05 20:05 ` Marcel Telka
2024-11-05 21:34 ` Gary Mills
2024-11-05 21:40 ` Marcel Telka
2024-11-05 20:27 ` Till Wegmüller
2024-11-05 21:49 ` Gary Mills
2024-11-06 0:14 ` Joshua M. Clulow via illumos-developer
2024-11-06 21:38 ` Peter Tribble
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZypyTyE9lA7vWhGH@imap.fastmail.com \
--to=gary_mills@fastmail.fm \
--cc=developer@lists.illumos.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).