Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

General support questions
Post Reply
walkn
Posts: 11
Joined: 2019/10/30 10:24:30

Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Post by walkn » 2019/10/31 08:28:00

Hi,

I wrote this topic because I have an issue on a CentOS 7.7.1908 server.

When I'm trying to login via ssh to this server, the connection "wait" 30 seconds. It's the same when I'm already logged in and I try to login with an AD user.

Here is the output of my /var/log/secure :

Code: Select all

Oct 31 09:04:00 centossrv sshd[2785]: Accepted password for root from 10.237.170.0 port 61246 ssh2
Oct 31 09:04:30 centossrv sshd[2785]: pam_systemd(sshd:session): Failed to create session: Connection reset by peer
Oct 31 09:04:30 centossrv sshd[2785]: pam_unix(sshd:session): session opened for user root by (uid=0)
My server is up-to-date and I'm using the kernel 5.x :

Code: Select all

# uname -msr
Linux 5.3.7-1.el7.elrepo.x86_64 x86_64
When I'm "root" and I'm trying to su - <my_active_directory_user> it's the same.
Here is the output of journalctl

Code: Select all

# journalctl --boot --unit sshd
Oct 31 09:12:40 centossrv su[8578]: (to myuser) root on pts/2
Oct 31 09:13:10 centossrv su[8578]: pam_systemd(su-l:session): Failed to create session: Connection reset by peer
Oct 31 09:13:10 centossrv su[8578]: pam_unix(su-l:session): session opened for user myuser by root(uid=0)
Here is my nsswitch.conf :

Code: Select all

# grep -v ^# /etc/nsswitch.conf


passwd:     files sss
shadow:     files sss
group:      files nis


hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  nisplus

automount:   files nis
aliases:    files nisplus
Here is my sssd.conf:

Code: Select all

# grep -v ^# /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
services = nss,pam

domains = mydomain.com

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/mydomain.com]
access_provider = ad
ad_domain = mydomain.com
cache_credentials = True
debug_level = 0
default_shell = /bin/bash
dns_discovery_domain = mydomain.com
fallback_homedir = /u/users/%u
id_provider = ad
ignore_group_members = True
krb5_realm = mydomain.com
krb5_store_password_if_offline = True
ldap_id_mapping = False
ldap_idmap_range_min = 1824600000
ldap_idmap_range_size = 2000000
realmd_tags = manages-system joined-with-samba
subdomains_provider = none
use_fully_qualified_names = False
ad_gpo_ignore_unreadable = True
I have others servers with the same configurations setup and all works fine.

What can I do to troubleshoot my server and fix this issue ?

Thank you very much for your help.

Best regards,

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Post by TrevorH » 2019/10/31 16:08:38

30 second timeouts when logging in to a server via ssh are usually due to a dead nameserver being listed in /etc/resolv.conf. It consults them one at a time from the top down and waits 30s for each one to respond before moving onto the next (options rotate can change that behaviour but won't stop the timeout).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

walkn
Posts: 11
Joined: 2019/10/30 10:24:30

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Post by walkn » 2019/10/31 18:28:57

I already checked the /etc/resolve.conf on all the servers the one where is the issue and another one where everything is OK.

The /etc/resolve.conf are the same on the servers and in the same order.

So I think it's not related.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Post by TrevorH » 2019/10/31 22:00:06

I would test each nameserver in turn from the problematic server to rule them out. You can specify the server to consult using host/nslookup and dig.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

walkn
Posts: 11
Joined: 2019/10/30 10:24:30

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Post by walkn » 2019/11/04 07:52:30

Hi,

I don't know how to validate my /etc/resolve.conf.

Can you give me some example of commands that I should try ?

Here is my /etc/resolve.conf:

Code: Select all

domain mydomain.com
search mydomain.com infra.mydomain.com
nameserver 10.24.128.10
nameserver 10.24.128.11
nameserver 10.24.129.10

walkn
Posts: 11
Joined: 2019/10/30 10:24:30

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Post by walkn » 2019/11/04 12:22:25

I have tried these commands :

Code: Select all

dig -x 10.24.128.10 +short
dig -x 10.24.128.11 +short
dig -x 10.24.129.10 +short
and

Code: Select all

host mydomain.com 10.24.128.10
host mydomain.com 10.24.128.11
host mydomain.com 10.24.129.10
And everything seems OK


walkn
Posts: 11
Joined: 2019/10/30 10:24:30

Re: Login delayed by 30 seconds with pam_systemd(sshd:session): Failed to create session: Connection reset by peer

Post by walkn » 2019/11/20 13:38:57

My problem is still there :cry:

I have test :

Code: Select all

 hostname -f 
and this command is not blocking.

The issue appears when I try to do :

Code: Select all

su - <username>
or when I try to open a new ssh connection to a server.

I have re-install this package : libwbclient that cause some trooble when restarting sssd service.

After reinstalling this package everything works fine for 24H and then the problem comes back again ...

I don't know what to do about that...

Moreover, I have this message when I'm trying to restart a service :

Code: Select all

# systemctl restart systemd-logind
Authorization not available. Check if polkit service is running or see debug message for more information.
Can someone help me ?

Post Reply