
Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Posted: 2019/10/31 08:28:00
by walkn
Hi,

I wrote this topic because I have an issue on a CentOS 7.7.1908 server.

When I'm trying to log in via ssh to this server, the connection "waits" 30 seconds. It's the same when I'm already logged in and I try to log in with an AD user.

Here is the output of my /var/log/secure:

Code:

Oct 31 09:04:00 centossrv sshd[2785]: Accepted password for root from 10.237.170.0 port 61246 ssh2
Oct 31 09:04:30 centossrv sshd[2785]: pam_systemd(sshd:session): Failed to create session: Connection reset by peer
Oct 31 09:04:30 centossrv sshd[2785]: pam_unix(sshd:session): session opened for user root by (uid=0)

My server is up-to-date and I'm using the kernel 5.x:

Code:

# uname -msr
Linux 5.3.7-1.el7.elrepo.x86_64 x86_64

When I'm "root" and I try to su - <my_active_directory_user>, it's the same.
Here is the output of journalctl:

Code:

# journalctl --boot --unit sshd
Oct 31 09:12:40 centossrv su[8578]: (to myuser) root on pts/2
Oct 31 09:13:10 centossrv su[8578]: pam_systemd(su-l:session): Failed to create session: Connection reset by peer
Oct 31 09:13:10 centossrv su[8578]: pam_unix(su-l:session): session opened for user myuser by root(uid=0)

Here is my nsswitch.conf:

Code:

# grep -v ^# /etc/nsswitch.conf


passwd:     files sss
shadow:     files sss
group:      files nis


hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  nisplus

automount:   files nis
aliases:    files nisplus

Here is my sssd.conf:

Code:

# grep -v ^# /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
services = nss,pam

domains = mydomain.com

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/mydomain.com]
access_provider = ad
ad_domain = mydomain.com
cache_credentials = True
debug_level = 0
default_shell = /bin/bash
dns_discovery_domain = mydomain.com
fallback_homedir = /u/users/%u
id_provider = ad
ignore_group_members = True
krb5_realm = mydomain.com
krb5_store_password_if_offline = True
ldap_id_mapping = False
ldap_idmap_range_min = 1824600000
ldap_idmap_range_size = 2000000
realmd_tags = manages-system joined-with-samba
subdomains_provider = none
use_fully_qualified_names = False
ad_gpo_ignore_unreadable = True

I have other servers with the same configuration setup and all works fine.

What can I do to troubleshoot my server and fix this issue?

Thank you very much for your help.

Best regards,

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Posted: 2019/10/31 16:08:38
by TrevorH
30 second timeouts when logging in to a server via ssh are usually due to a dead nameserver being listed in /etc/resolv.conf. It consults them one at a time from the top down and waits 30s for each one to respond before moving onto the next (options rotate can change that behaviour but won't stop the timeout).

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Posted: 2019/10/31 18:28:57
by walkn
I already checked the /etc/resolv.conf on all the servers: the one where the issue is and another one where everything is OK.

The /etc/resolv.conf files are the same on the servers and in the same order.

So I think it's not related.

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Posted: 2019/10/31 22:00:06
by TrevorH
I would test each nameserver in turn from the problematic server to rule them out. You can specify the server to consult using host/nslookup and dig.
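
One way to run the per-nameserver test suggested above, as an added example that is not part of the original posts: each `nameserver` entry is queried directly with `dig @server`, using one try and a short timeout, and gets its own verdict and elapsed time. The function names, the 3-second timeout and the 1000 ms "slow" threshold are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: probe every nameserver individually.

# Nameserver addresses from resolv.conf-style input, in the order listed.
# Reads the named file(s), or stdin when none is given.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$@"
}

# Map dig's exit status, its +short output and the elapsed time to a verdict:
#   fail  = no usable reply (non-zero exit status, e.g. the query timed out)
#   empty = the server replied but returned no records for the name
#   slow  = answered, but took slow_ms milliseconds or more (assumed threshold)
classify_probe() {
    local rc="$1" answer="$2" elapsed_ms="$3" slow_ms="${4:-1000}"
    if [ "$rc" -ne 0 ]; then echo fail
    elif [ -z "$answer" ]; then echo empty
    elif [ "$elapsed_ms" -ge "$slow_ms" ]; then echo slow
    else echo ok
    fi
}

# Query one server directly (dig @server): a single try with a short timeout,
# so a dead server shows up on its own line instead of hiding behind a live one.
probe_nameserver() {
    local server="$1" name="$2" timeout="${3:-3}" start answer rc ms
    start=$(date +%s%N)                      # GNU date: nanoseconds since epoch
    answer=$(dig "@$server" "$name" A +short +tries=1 +time="$timeout" 2>/dev/null)
    rc=$?
    ms=$(( ($(date +%s%N) - start) / 1000000 ))
    echo "$server $(classify_probe "$rc" "$answer" "$ms") ${ms}ms"
}

# Probe each nameserver in the file; exit status is 1 if any verdict is not "ok".
check_resolv_conf() {
    local name="$1" file="${2:-/etc/resolv.conf}"
    list_nameservers "$file" | {
        bad=0
        while read -r server; do
            line=$(probe_nameserver "$server" "$name")
            echo "$line"
            case $line in *" ok "*) ;; *) bad=1 ;; esac
        done
        exit "$bad"
    }
}

# Runs only when a name to look up is given, e.g.: ./check-ns.sh mydomain.com
if [ $# -ge 1 ]; then check_resolv_conf "$1"; fi
```

Run it on the affected server itself, since what is being tested is that server's path to each resolver.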

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Posted: 2019/11/04 07:52:30
by walkn
Hi,

I don't know how to validate my /etc/resolv.conf.

Can you give me some examples of commands that I should try?

Here is my /etc/resolv.conf:

Code:

domain mydomain.com
search mydomain.com infra.mydomain.com
nameserver 10.24.128.10
nameserver 10.24.128.11
nameserver 10.24.129.10

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Posted: 2019/11/04 12:22:25
by walkn
I have tried these commands:

Code:

dig -x 10.24.128.10 +short
dig -x 10.24.128.11 +short
dig -x 10.24.129.10 +short

and

Code:

host mydomain.com 10.24.128.10
host mydomain.com 10.24.128.11
host mydomain.com 10.24.129.10

And everything seems OK.

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Posted: 2019/11/05 12:31:19
by walkn
No help about my issue?

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Posted: 2019/11/20 13:38:57
by walkn
My problem is still there :cry:

I have tested:

Code:

hostname -f

and this command is not blocking.

The issue appears when I try to do :

Code:

su - <username>

or when I try to open a new ssh connection to a server.

I have reinstalled this package: libwbclient, which caused some trouble when restarting the sssd service.

After reinstalling this package everything works fine for 24H and then the problem comes back again ...

I don't know what to do about that...

Moreover, I have this message when I'm trying to restart a service:

Code:

# systemctl restart systemd-logind
Authorization not available. Check if polkit service is running or see debug message for more information.

Can someone help me?