crshep

Well-Known Member
Sep 26, 2006
114
8
168
Whenever I try to restart SSH I always get
------------------------------------------------------------------
Restarting SSH Daemon

Waiting for sshd to restart.....finished.

sshd (/usr/sbin/sshd) running as root with PID 27400 (pidfile check method)

sshd: [ != SSH]
sshd has failed, please contact the sysadmin.
--------------------------------------------------------------------

I was told by the host it is probably because I changed the SSH port from 22 to another port.
If this is true, how do I fix it so it restarts with the NEW port I gave it, since we all know keeping
port 22 isn't a good idea.

Thanks
Charles
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello :)

Check to see if a custom ListenAddress entry exists in your /etc/ssh/sshd_config file that binds SSH to a specific IP address. If there is such an entry, it will prevent local connections to SSH over 127.0.0.1, and thus result in that failure message.

Thank you.
 

crshep

This is what I see in that file, if this is the part you're talking about. (I XXXX the port on purpose)

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port XXXX
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

---------------------------------------------------------------------

Anyway you told me what would cause the result of the failure message so how would I fix it so it works?

Thanks
Charles
 

cPanelMichael

Please post the output (removing actual IPs) from:

Code:
grep ListenAddress /etc/ssh/sshd_config

Thank you.
 

crshep

Is this what you mean? and thanks
------------------------------------------------------
[email protected] [~]# grep ListenAddress /etc/ssh/sshd_config
#ListenAddress 0.0.0.0
#ListenAddress ::
[email protected] [~]#
--------------------------------------------------------

Charles
 

cPanelMichael

That output looks normal. To clarify, are you experiencing the same issue when restarting SSH via the command line?

Thank you.
 

crshep

Yes on all my VPS's since I do not use port 22 I figure if you can get me to fix one the others will be easy to fix. :O)
-------------------

Restarting SSH Daemon

Waiting for sshd to restart.....finished.

sshd (/usr/sbin/sshd) running as root with PID 27400 (pidfile check method)

sshd: [ != SSH]
sshd has failed, please contact the sysadmin.
--------------------------------------------------------

Thanks
Charles
 

cPanelMichael

It's not accurate that SSH will fail during restarts if you use a different port. Check to see if you have any rules in /etc/hosts.allow that could be denying localhost access to SSH to report it as running well. Please keep in mind that it looks like SSH is actually running fine, and it's just being incorrectly reported as failed.

Thank you.
 

crshep

My IP is in the /etc/hosts.allow, as are cPanel's IPs.

But I would like to note that after changing the port back to 22 the restart works fine. So I would say the port being used does matter. It seems like it fails on any port other than 22.
 

cPanelMichael

Please open a support ticket so we can take a closer look. If that's the case, an internal case is necessary. You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

crshep

Trevor Bordner says: June 22nd, 2014 at 07:41 AM
Hello,

Thanks for standing by while I've continued to look into this.

After a bit more digging, I found that this is related to a known issue in the current cPanel release which happens when "sshd : ALL : deny" is found in the /etc/hosts.allow file. This issue is being tracked with case #97153, and this will be published on http://changelog.cpanel.net when the fix is released.

In the meantime, it looks like you'll be able to correct this by adding an entry for localhost in your /etc/hosts.allow file before the deny:

-------
sshd : 127.0.0.1 : allow
-------

This will allow the server to connect to itself and stop that error message from appearing when restarting SSH through WHM.

Please let me know if you have any questions about this or experience any issues with this workaround and I'll be happy to assist you with this further.

Regards,

--
Trevor Bordner
Technical Analyst II
Migrations Specialist
cPanel.net
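
The workaround above depends on rule order, so as an added example (not part of the thread and not cPanel's code), this shell function reports which hosts.allow rule decides an sshd connection from a given address, assuming the first-match-wins evaluation of TCP wrappers. The function name `sshd_verdict`, the sample files and the address 203.0.113.10 are constructed; only `ALL`, exact IPv4 addresses and trailing-dot prefixes are handled.

```shell
#!/bin/sh
# Added example: find the first hosts.allow rule matching sshd for a client IP.
# Simplified: understands ALL, exact IPv4 and trailing-dot prefixes ("127.");
# no EXCEPT, netmasks, hostnames, IPv6 or backslash line continuations.
sshd_verdict() {   # usage: sshd_verdict FILE CLIENT_IP
    awk -v ip="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function in_list(list, want,    n, i, item, p) {
            n = split(list, item, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                p = item[i]
                if (p == "") continue
                if (p == "ALL" || p == want) return 1
                # trailing-dot pattern such as "127." matches by prefix
                if (p ~ /\.$/ && index(want, p) == 1) return 1
            }
            return 0
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            n = split($0, f, ":")              # daemons : clients [: option ...]
            if (n < 2) next
            if (!in_list(trim(f[1]), "sshd")) next
            if (!in_list(trim(f[2]), ip)) next
            verdict = "allow"                  # a match allows unless "deny" is set
            for (i = 3; i <= n; i++)
                if (tolower(trim(f[i])) == "deny") verdict = "deny"
            print verdict " (line " NR ": " $0 ")"
            found = 1
            exit                               # first matching rule wins
        }
        END { if (!found) print "no-match (hosts.deny is consulted next)" }
    ' "$1"
}

# Constructed sample files; 203.0.113.10 stands in for the admin IP.
demo_dir=$(mktemp -d)
printf '%s\n' 'sshd : 203.0.113.10 : allow' 'sshd : ALL : deny' \
    > "$demo_dir/before"
printf '%s\n' 'sshd : 203.0.113.10 : allow' 'sshd : 127.0.0.1 : allow' \
    'sshd : ALL : deny' > "$demo_dir/after"

echo "before: $(sshd_verdict "$demo_dir/before" 127.0.0.1)"
echo "after:  $(sshd_verdict "$demo_dir/after" 127.0.0.1)"
```

Run against a copy of the real file, `sshd_verdict /etc/hosts.allow 127.0.0.1` shows whether the server's own loopback check would be refused.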
 

cPanelMichael

I am happy to see the issue was resolved. Yes, that's what I was getting at when referencing the rules in /etc/hosts.allow in my earlier response. Thank you for updating us with the outcome.
 

crshep

Interesting reply from Trevor. I always thought sshd : 127.0.0.1 : allow had to be there if you were adding any entry to the hosts.allow file.

Yeah, just kind of weird that you have to add sshd : 127.0.0.1 : allow to the "/etc/hosts.allow" for the server to see itself. I would have NEVER thought that. LOL. So when I looked it up my IP was there, and that was why I told Michael my IP is there, not thinking "localhost", since I would have thought the server could see itself.

Anyway as long as it worked was all I cared about.

Thanks