This is an old revision of the document!
SSH authentication failure: cannot open shared object file after Cloud Linux is removed
After removing Cloud Linux, SSH authentication may fail and show the following error.
Dec 1 11:36:08 server sshd[299734]: error: PAM: pam_open_session(): Module is unknown
Running the SSH autofixer to restart SSH on port 23
https:<server ip>:2087/scripts2/doautofixer?autofix=safesshrestart
Login to the WHM using your username 'root' and the server root
password as the password. The autofixer will run as follows
<code>
AutoFixer Execution
Requesting script …
Done.
Executing script …
Attempting to locate sshd binaries installed on the system …
Located /usr/sbin/sshd
Done.
Killing exisiting sshd processes…
Stopping sshd: [ OK ]
killed 2556 killed 2563 killed 10916 killed 10925 killed 94623 killed
94627 killed 278734 killed 278736 killed 319973 killed 319975 killed
324278 killed 324280 killed 340955 killed 340960 killed 344881 killed
344882 killed 389410 killed 389412 killed 393402 killed 393406 killed
411959 killed 411961 killed 522629 killed 522636 killed 561774 killed
561782 killed 582441 killed 582454 killed 607163 killed 607190 killed
648113 killed 648114 killed 662296 killed 662297 killed 697069 killed
697071 killed 698563 killed 698564 killed 811792 killed 811793 killed
912117 killed 912142 killed 914249 killed 914257 Done.
Attempting to locate available port …
port 22 is already in use
configuring sshd to run on port 23
/usr/sbin/sshd successfully started!
root 306012 0.0 0.0 64816 1292 ? Ss 11:38 0:00
/usr/sbin/sshd -f /var/cpanel/safe_sshd
Done.
</code>
===== Diagnosing the issue =====
SSH to the server on the port listed as the running port “configuring
sshd to run on port 23”, if this port is not open by your firewall then open it
for your IP.
Once logged in you can review the secure log which holds the log for
sshd to see the issue:
<code>
root@server [/var/log]# grep PAM /var/log/secure
Dec 1 11:36:07 server sshd[299734]: PAM unable to
dlopen(/lib64/security/pam_lve.so)
</code>
First we can see this module doesn't exist with the following line:
<code>
# stat /lib64/security/pam_lve.so
stat: cannot stat `/lib64/security/pam_lve.so': No such file or directory
</code>
If we check the version of sshd you can see its a standard RPM, the
underlying cause is that this PAM (Pluggable authentication module)
module left over from cloud linux's lve feature is still called in the
pam.d config:
<code>
# rpm -qi openssh-server
Name : openssh-server Relocations: (not relocatable)
Version : 4.3p2 Vendor: CentOS
Release : 82.el5 Build Date: Wed 22 Feb 2012
08:04:57 AM PST
Install Date: Thu 08 Mar 2012 02:41:26 AM PST Build Host:
builder10.centos.org
Group : System Environment/Daemons Source RPM:
openssh-4.3p2-82.el5.src.rpm
Size : 491029 License: BSD
Signature : DSA/SHA1, Wed 22 Feb 2012 10:46:31 AM PST, Key ID
a8a447dce8562897
URL : http://www.openssh.com/portable.html
Summary : The OpenSSH server daemon
Description :
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server. You also need to have the openssh
package installed.
</code>
===== Fixing the issue =====
View the contents of the config file calling with with the following
command
<code>
cat /etc/pam.d/sshd
</code>
You will see the following:
<code>
# cat /etc/pam.d/sshd
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
auth required pam_shells.so
session required pam_lve.so 500 0
</code>
Remove or comment out this line with your favorite
editor (vi, nano, etc) by adding # in front of the line:
<code>
# session required pam_lve.so
</code>
Then restart ssh
<code>
service sshd restart:
</code>