From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc3 Firefox/1.0.6 Description of problem: after yum update, I noticed failures with the /etc/rc.d/init.d/sshd script: 1. # /etc/rc.d/init.d/sshd condrestart sshd: OpenSSH_4.1 on i686-pc-linux-gnu Unknown option -t [FAILED] # 2. # /etc/rc.d/init.d/sshd restart Stopping sshd: [FAILED] Starting sshd: sshd: OpenSSH_4.1 on i686-pc-linux-gnu sshd: FATAL: Creating listener failed: port 22 probably already in use! [FAILED] # to (1.): in the script, inside the function do_restart_sanity_check() makes use of the option '-t', see line 91. to (2.): in the script, the stop() function tries to determine the PID of the current parent sshd, pointing to the function pidfileofproc() that tries to derive the filename as '/var/run/$base.pid'. For some reason the file I see is not /var/run/sshd.pid but # ls -a /var/run/*ssh* /var/run/sshd2_22.pid # as you can verify by running strings on the binary # strings /usr/sbin/sshd |grep var /var/run/sshd2_%s.pid [... output of strings truncated] Version-Release number of selected component (if applicable): openssh-server-4.1p1-3.1 How reproducible: Always Steps to Reproduce: 1. /etc/rc.d/init.d/sshd restart or 2./etc/rc.d/init.d/sshd condrestart Actual Results: # /etc/rc.d/init.d/sshd restart Stopping sshd: [FAILED] Starting sshd: sshd: OpenSSH_4.1 on i686-pc-linux-gnu sshd: FATAL: Creating listener failed: port 22 probably already in use! [FAILED] Expected Results: # /etc/rc.d/init.d/sshd restart Stopping sshd: [ OK ] Starting sshd: sshd: OpenSSH_4.1 on i686-pc-linux-gnu [ OK ] Note: I did a 'mv /var/run/sshd2_22.pid /var/run/sshd.pid' to make this happen :) . Additional info: # uname -a Linux obfuscated.hostname 2.6.12-1.1398_FC4 #1 Fri Jul 15 00:52:32 EDT 2005 i686 i686 i386 GNU/Linux
This is really weird - I cannot reproduce anything like this here with exactly the same openssh package. What rpm -V openssh and rpm -V openssh-server writes?
Sorry, I already tinkered with this a little more and in the process I happened to uninstall the openssh-server rpm. So, unfortunately I can no longer run the --verify for you. However, I am now unable to reinstall it: please check this out... # rpm -ivh http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/i386/openssh-server-4.1p1-3.1.i386.rpm Retrieving http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/i386/openssh-server-4.1p1-3.1.i386.rpm Preparing... ########################################### [100%] 1:openssh-server warning: /etc/pam.d/sshd created as /etc/pam.d/sshd.rpmnew warning: /etc/rc.d/init.d/sshd saved as /etc/rc.d/init.d/sshd.rpmorig warning: /etc/ssh/sshd_config created as /etc/ssh/sshd_config.rpmnew ########################################### [100%] error: unpacking of archive failed on file /usr/sbin/sshd: cpio: rename failed - Operation not permitted # Finally: tracked down that /usr/sbin/sshd is chattr'ed with the immutable bit (I'm pretty sure this was not done by me manually, so I really suspect a script out of the RPMs and/or updates, maybe selinux ? ): # lsattr -v /usr/sbin/sshd 970694379 -u--ia------- /usr/sbin/sshd after removing this file, re-installed the openssh-server RPM and all looks normal
No, I don't think the immutable bit was set by script from RPM or selinux updates. If you didn't do it yourself it is very suspicious. It seems like your computer is compromised. But definitely it is not a bug in the openssh package.