# [SSHD] connection closed immediately on login



## Beeblebrox (Nov 6, 2013)

sshd is running and accepts connections, but claims that the "user disconnected" immediately after login. It also complains as:

```
csh: No such file or directory
```

I have tried different users
I created a separate test user just for this
I have tried linux clients and from host its self
All give same result. /etc/ssh/sshd_config has no modifications at all (file unmodified as placed by distribution).  What is the reason for the disconnect and the shell error message?

`$ ssh bob@localhost`

```
Password for bob@domain.name:
Last login: Wed Nov  6 07:51:14 2013 from 192.168.2.1
FreeBSD 9.2-STABLE
<MOTD MESSAGE>
Environment:
  USER=bob
  LOGNAME=bob
  HOME=/home/bob
  MAIL=BLOCKSIZE=K
  PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/games:/usr/local/kde4:/data/i386/usr/local/bin:/usr/local/libexec/ccache
  TERM=xterm
  FTP_PASSIVE_MODE=YES
  MM_CHARSET=UTF-8
  SHELL=/bin/csh
  SSH_CLIENT=127.0.0.1 57268 22
  SSH_CONNECTION=127.0.0.1 57268 127.0.0.1 22
  SSH_TTY=/dev/pts/2
csh: No such file or directory
Connection to localhost closed.
```
`# /usr/sbin/sshd -d`

```
debug1: HPN Buffer Size: 65536
debug1: sshd version OpenSSH_6.2p2_hpn13v11 FreeBSD-20130515, OpenSSL 0.9.8y 5 Feb 2013
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on 0.0.0.0.
debug1: Server TCP RWIN socket size: 65536
debug1: HPN Buffer Size: 65536
Server listening on 0.0.0.0 port 22.
debug1: fd 4 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
debug1: res_init()
Connection from 127.0.0.1 port 57268
debug1: HPN Disabled: 0, HPN Buffer Size: 65536
debug1: Client protocol version 2.0; client software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: match: OpenSSH_6.2_hpn13v11 FreeBSD-20130515 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: permanently_set_uid: 22/22 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
Address 127.0.0.1 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! [preauth]
debug1: userauth-request for user bob service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "bob"
debug1: PAM: setting PAM_RHOST to "localhost"
debug1: userauth-request for user bob service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: keyboard-interactive devs  [preauth]
debug1: auth2_challenge: user=bob devs= [preauth]
debug1: kbdint_alloc: devices 'pam' [preauth]
debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]
Postponed keyboard-interactive for bob from 127.0.0.1 port 57268 ssh2 [preauth]
debug1: do_pam_account: called
debug1: PAM: num PAM env strings 0
Postponed keyboard-interactive/pam for bob from 127.0.0.1 port 57268 ssh2 [preauth]
debug1: do_pam_account: called
Accepted keyboard-interactive/pam for bob from 127.0.0.1 port 57268 ssh2
debug1: monitor_child_preauth: bob has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: PAM: establishing credentials
User child is on pid 1550
debug1: PAM: establishing credentials
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 1551
debug1: session_exit_message: session 0 channel 0 pid 1551
debug1: session_exit_message: release channel 0
debug1: session_by_tty: session 0 tty /dev/pts/2
debug1: session_pty_cleanup: session 0 release /dev/pts/2
Received disconnect from 127.0.0.1: 11: disconnected by user
debug1: do_cleanup
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials
```


----------



## SirDice (Nov 6, 2013)

What shell does the user have? It looks like it's not set correctly.


----------



## Beeblebrox (Nov 6, 2013)

/etc/shells:

```
/bin/sh
/bin/csh
/bin/tcsh
/usr/local/bin/bash
/usr/local/bin/rbash
/usr/local/libexec/git-core/git-shell
```


```
[CMD]$ grep bob /etc/passwd[/CMD]  =>  bob:*:1009:0:BOB:/home/bob:/bin/csh
[CMD]$ echo $SHELL [/CMD] =>  /bin/csh
[CMD]$ chsh [/CMD] =>  #Changing user information for bob \ Shell: /bin/csh
```

No settings made in /etc/ssh regarding PermitUserEnvironment or shells.


----------



## SirDice (Nov 6, 2013)

Apparently /bin/csh doesn't exist anymore on your system. Or perhaps the permissions are screwed up.

```
dice@armitage:~% ls -al /bin/csh
-r-xr-xr-x  2 root  wheel  382064 Oct  3 15:17 /bin/csh
```


----------



## Beeblebrox (Nov 6, 2013)

```
$ ls -al /bin/*sh
lrwxr-xr-x  1 root  wheel      19 Sep  9 14:26 /bin/bash -> /usr/local/bin/bash
-r-xr-xr-x  2 root  wheel  374008 Oct 27 14:45 /bin/csh
-r-xr-xr-x  1 root  wheel  141336 Oct 27 14:45 /bin/sh
-r-xr-xr-x  2 root  wheel  374008 Oct 27 14:45 /bin/tcsh
```


```
$ ssh bob@localhost -s /bin/sh
Password for [email]bob@domain.name[/email]:
subsystem request failed on channel 0
```

All shells work from tty* normally and csh, being the default is not giving any problems on host.
It seems I'm an expert in getting my system to come up with the strangest errors.


----------



## Savagedlight (Nov 6, 2013)

Please check permissions on /usr/libexec/sftp-server. You may also want to `# tail -f /var/log/messages /var/log/auth` to see what SSHD and other subsystems says during login.


----------



## Beeblebrox (Nov 6, 2013)

Hi @Savagedlight,

```
$ ll /usr/libexec/sftp-server
-r-xr-xr-x  1 root  wheel  36360 Oct 27 14:46 /usr/libexec/sftp-server*
```
My first post shows sshd as started in debug mode, hence the related output. Changed shell to sh for bob

```
$ grep bob /etc/passwd[/CMD] => bob:*:1009:0:bob:/home/bob:/bin/sh
and re-tried [file]ssh -vv[/file]. notice "csh: No such file or directory" message:
[code]Password for bob@domain.name:
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to localhost ([127.0.0.1]:22).
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: tcpwinsz: 81660 for connection: 3
debug2: tcpwinsz: 81660 for connection: 3
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 65536
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug2: tcpwinsz: 81660 for connection: 3
debug2: tcpwinsz: 81660 for connection: 3
Last login: Wed Nov  6 15:56:04 2013
debug2: tcpwinsz: 81660 for connection: 3
FreeBSD 9.2-STABLE
<MOTD>
debug2: tcpwinsz: 81660 for connection: 3
debug2: tcpwinsz: 81660 for connection: 3
[color="Red"][B]csh: No such file or directory[/B][/color]
debug2: tcpwinsz: 81660 for connection: 3
[color="Red"][B]debug2: channel 0: rcvd eof[/B][/color]
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: tcpwinsz: 81660 for connection: 3
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd close
debug2: tcpwinsz: 81660 for connection: 3
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Connection to localhost closed.
Transferred: sent 2724, received 2528 bytes, in 0.0 seconds
Bytes per second: sent 555704.5, received 515719.9
debug1: Exit status 1
```


----------



## SirDice (Nov 6, 2013)

Odd, even with the shell set to sh it's still looking for csh. You might want to check the user's ~/.ssh/config and look for LocalCommand. Or perhaps it's the user's ~/.login that's causing it.


----------



## Beeblebrox (Jun 20, 2014)

*Here's how I solved this:* After buildworld/installworld, I backed-up my /etc folder and did `# make distribution`. SSHD started working fine after that. I suspect the problem was related to PAM settings.

 I then had to manually sort through my backed-up /etc folder to restore my preferred settings.


----------

