SSH authentication failure: cannot open shared object file after Cloud Linux is removed

After removing Cloud Linux, SSH authentication may fail and show the following error.

Dec  1 11:36:08 server sshd[299734]: error: PAM: pam_open_session(): 
Module is unknown

https:<server ip>:2087/scripts2/doautofixer?autofix=safesshrestart Login to the WHM using your username 'root' and the server root password as the password. The autofixer will run as follows <code> AutoFixer Execution Requesting script … Done. Executing script … Attempting to locate sshd binaries installed on the system … Located /usr/sbin/sshd Done. Killing exisiting sshd processes… Stopping sshd: [ OK ] killed 2556 killed 2563 killed 10916 killed 10925 killed 94623 killed 94627 killed 278734 killed 278736 killed 319973 killed 319975 killed 324278 killed 324280 killed 340955 killed 340960 killed 344881 killed 344882 killed 389410 killed 389412 killed 393402 killed 393406 killed 411959 killed 411961 killed 522629 killed 522636 killed 561774 killed 561782 killed 582441 killed 582454 killed 607163 killed 607190 killed 648113 killed 648114 killed 662296 killed 662297 killed 697069 killed 697071 killed 698563 killed 698564 killed 811792 killed 811793 killed 912117 killed 912142 killed 914249 killed 914257 Done. Attempting to locate available port … port 22 is already in use configuring sshd to run on port 23 /usr/sbin/sshd successfully started! root 306012 0.0 0.0 64816 1292 ? Ss 11:38 0:00 /usr/sbin/sshd -f /var/cpanel/safe_sshd Done. </code> ===== Diagnosing the issue ===== SSH to the server on the port listed as the running port “configuring sshd to run on port 23”, if this port is not open by your firewall then open it for your IP. Once logged in you can review the secure log which holds the log for sshd to see the issue: <code> root@server [/var/log]# grep PAM /var/log/secure Dec 1 11:36:07 server sshd[299734]: PAM unable to dlopen(/lib64/security/pam_lve.so) </code> First we can see this module doesn't exist with the following line: <code> # stat /lib64/security/pam_lve.so stat: cannot stat `/lib64/security/pam_lve.so': No such file or directory </code> If we check the version of sshd you can see its a standard RPM, the underlying cause is that this PAM (Pluggable authentication module) module left over from cloud linux's lve feature is still called in the pam.d config: <code> # rpm -qi openssh-server Name : openssh-server Relocations: (not relocatable) Version : 4.3p2 Vendor: CentOS Release : 82.el5 Build Date: Wed 22 Feb 2012 08:04:57 AM PST Install Date: Thu 08 Mar 2012 02:41:26 AM PST Build Host: builder10.centos.org Group : System Environment/Daemons Source RPM: openssh-4.3p2-82.el5.src.rpm Size : 491029 License: BSD Signature : DSA/SHA1, Wed 22 Feb 2012 10:46:31 AM PST, Key ID a8a447dce8562897 URL : http://www.openssh.com/portable.html Summary : The OpenSSH server daemon Description : OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains the secure shell daemon (sshd). The sshd daemon allows SSH clients to securely connect to your SSH server. You also need to have the openssh package installed. </code> ===== Fixing the issue ===== View the contents of the config file calling with with the following command <code> cat /etc/pam.d/sshd </code> You will see the following: <code> # cat /etc/pam.d/sshd #%PAM-1.0 auth include system-auth account required pam_nologin.so account include system-auth password include system-auth session optional pam_keyinit.so force revoke session include system-auth session required pam_loginuid.so auth required pam_shells.so session required pam_lve.so 500 0 </code> Remove or comment out this line with your favorite editor (vi, nano, etc) by adding # in front of the line: <code> # session required pam_lve.so </code> Then restart ssh <code> service sshd restart: </code>