Hi guys,
Sorry for the long email, important stuff is at the top, but I've tried to
provide as many hopefully useful details as possible.
I've asked this question in freebsd-question mail list but so far didn't
get any answers there.
Excuse me for cross-posting. I don't usually do this, but this matter is
somewhat critical and all my searches brought surprisingly few results.
My problem is that few days ago PAM somehow got corrupted or something.
Basically I can't login neither through ssh or console. The error is:
====- 8< -==================================================su: in
openpam_load_module(): no pam_unix.so found
su: pam_start: system error
====- 8< -==================================================
pam_unix.so is in /usr/lib:
====- 8< -==================================================# ls -l
/usr/lib/pam_unix*
lrwxr-xr-x 1 root wheel 13 Sep 25 2006 /usr/lib/pam_unix.so ->
pam_unix.so.3
-r--r--r-- 1 root wheel 10240 Feb 19 2007 /usr/lib/pam_unix.so.3
# file /usr/lib/pam_unix.so
/usr/lib/pam_unix.so: symbolic link to `pam_unix.so.3'
====- 8< -==================================================
Other PAM modules seem to work, i.e. Courier with SSL works and SAMBA does as
well.
Luckily I still have one ssh root session alive (so far!).
I have this bad feeling that on disconnect or reboot I will loose the access to
the box.
I'd be very grateful for _any_ ideas I could check/try to get it working.
This is my first FreeBSD box, I've spent quite some time setting it up and
getting familiar with the OS in the process. It was working for about year
without any problems.
So far my level of experience is not enough to trace it down, so any help would
be appreciated.
Below is some history that might (or might not) be relevant:
Now, few days ago I started getting the following in the daily security run
output:
====- 8< -==================================================Checking for
packages with security vulnerabilities:
su: pam_start: system error
====- 8< -==================================================
What I see on the console is:
====- 8< -==================================================su: in
openpam_load_module(): no pam_unix.so found
su: pam_start: system error
====- 8< -==================================================
I can't also login neither through ssh nor on the console - getting same
error.
Mail server still working no problem, smtp and POP via SSL work and authorize
fine.
There is one more thing that is suspiciously close in time to when this started
happening.
In the same security run output where I first saw this error I found this:
====- 8< -==================================================Sep 18 11:11:37
xxxxxx su: BAD SU <myloginname> to root on /dev/ttyp3
Sep 18 11:13:46 xxxxxx sshd[45047]: Bad protocol version identification
'\377\364\377\375\006quit' from <some ip here>
Sep 18 11:15:08 xxxxxx sshd[45056]: Received disconnect from <some ip
here>: 2: Bad packet length 710099706.
====- 8< -==================================================
I'd appreciate any ideas about what happened and how to get it fixed.
Thanks!
--
Best regards,
Victor