Introduction
There is another article that relates with the error condition exists as it shows in the title of this article. Actually, the article exists in this link. Furthermore, it describes the root cause and the main problem in detail description. Moreover, the error is actually possible to be available as the continuation of a condition after solving the ssh error problem in this link.
Below is the output of the error when performing the ‘ssh’ command in the command line :
user@hostname:~$ ssh [email protected] [email protected]'s password: Permission denied, please try again. user@hostname:~$
Assessing the situation
In order to solve the problem further, check the ssh service status. Although the remote access via ssh is broken, it is not a problem to check it. Fortunately, there is an active terminal in that server to do it. The ssh service checking process exists in the following output :
[root@localhost lib64]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2019-02-04 09:08:21; 2min 55s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 22929 (sshd)
CGroup: /system.slice/sshd.service
└─22929 /usr/sbin/sshd -D
Feb 04 09:10:48 localhost.localdomain sshd[23036]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx user=xxxxxx
Feb 04 09:10:52 localhost.localdomain sshd[23059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx user=xxxxxx
Feb 04 09:10:52 localhost.localdomain sshd[23059]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "xxxxxx"
Feb 04 09:10:55 localhost.localdomain sshd[23059]: Failed password for xxxxxx from xxx.xxx.xxx.xxx port 45084 ssh2
Feb 04 09:10:57 localhost.localdomain sshd[23059]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "xxxxxx"
Feb 04 09:10:59 localhost.localdomain sshd[23059]: Failed password for xxxxxx from xxx.xxx.xxx.xxx port 45084 ssh2
Feb 04 09:11:03 localhost.localdomain sshd[23059]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "xxxxxx"
Feb 04 09:11:05 localhost.localdomain sshd[23059]: Failed password for xxxxxx from xxx.xxx.xxx.xxx port 45084 ssh2
Feb 04 09:11:05 localhost.localdomain sshd[23059]: Connection closed by xxx.xxx.xxx.xxx port 45084 [preauth]
Feb 04 09:11:05 localhost.localdomain sshd[23059]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx user=xxxxxx
[root@localhost lib64]#
Solving the problem
Actually, the following are the steps to accomplish it :
1. First of all, the error occurs after removing packages where the event is mentioned clearly in the article in this link. Fix it by recovering the package with the name of nss-softokn-freebl manually. Achieve it by copy all the files related to the package. Find those related files by visiting the rpm package search page. For an example in this link. In the ‘Files’ section on the page in that link, it lists all of the related files :
/etc/prelink.conf.d /etc/prelink.conf.d/nss-softokn-prelink.conf /usr/lib/dracut/dracut.conf.d/50-nss-softokn.conf /usr/lib/dracut/modules.d/05nss-softokn /usr/lib/dracut/modules.d/05nss-softokn/module-setup.sh /usr/lib64/libfreebl3.chk /usr/lib64/libfreebl3.so /usr/lib64/libfreeblpriv3.chk /usr/lib64/libfreeblpriv3.so
Screenshot image of the ‘Files’ section as follows :
Similarly, the information containing list of related files also exists in this link. Also, In the ‘Files’ section on the page in the mentioned link before, the lists below is the affected files for installing nss-softokn-freebl package.
/etc/prelink.conf.d/nss-softokn-prelink.conf /usr/lib/dracut/dracut.conf.d/50-nss-softokn.conf /usr/lib/dracut/modules.d/05nss-softokn/module-setup.sh /usr/lib64/libfreebl3.chk /usr/lib64/libfreebl3.so /usr/lib64/libfreeblpriv3.chk /usr/lib64/libfreeblpriv3.so
In the mentioned link above, list of the related files with nss-softokn-freebl package exists below in the image screenshot :
2. Copy all of the necessary files into the correct location from another server with the same operating system or environment.
Executing the solution for solving the problem
In this context, the incident of the packages removal makes ‘yum’ utility is also broken. So, reinstalling the packages is definitely not possible. The only option is by manually copying related files. Eventually, in the next section there are description of steps to achieve it in a systematic order.
Copy the first file, the nss-softokn-prelink.conf file
Start checking the condition in the target or the problematic server location before copying the first file, the nss-softokn-prelink.conf, below is :
[root@target lib]# cd /etc/prelink.conf.d/ [root@target prelink.conf.d]# ls fipscheck.conf grub2.conf [root@target prelink.conf.d]#
There is no nss-fotokn-prelink.conf exist according to the output above. So, copy the first file, the nss-softokn-prelink.conf from source server to the problematic or the target server location :
[root@source prelink.conf.d]# scp nss-softokn-prelink.conf [email protected]:/home/user [email protected]'s password: nss-softokn-prelink.conf 100% xxxxx xxxx/s 00:00 [root@source prelink.conf.d]$
After finishing the copy process of the first file, below is the condition in the problematic or the target server location :
[root@target prelink.conf.d]# mv /home/user/nss-softokn-prelink.conf . [root@target prelink.conf.d]# ls -al total 24 drwxr-xr-x. 2 root root 78 Feb 4 09:33 . drwxr-xr-x. 76 root root 8192 Feb 4 07:50 .. -rw-r--r--. 1 root root 57 Aug 2 2017 fipscheck.conf -rw-r--r--. 1 root root 220 Oct 21 2017 grub2.conf -rw-r--r--. 1 root root 184 Feb 4 09:30 nss-softokn-prelink.conf [root@target prelink.conf.d]#
As the output above, at last the file exists.
Copy the second file, the 50-nss-softokn.conf file
Similarly, before copying the second file just check the condition in the target or the problematic server location :
[root@target dracut]# cd dracut.conf.d/ [root@target dracut.conf.d]# ls 01-dist.conf 01-microcode.conf 02-rescue.conf 76-phys-port-name.conf [root@target dracut.conf.d]#
In the output above, there is no file with the name of 50-nss-softokn.conf, so copy the second file from source server to the problematic or the target server location :
[root@source dracut.conf.d]# scp 50-nss-softokn.conf [email protected]:/home/user [email protected]'s password: 50-nss-softokn.conf 100% xxxxx xxxx/s 00:00 root@source dracut.conf.d]#
After the copy process of the second file, don’t forget to check the condition of the problematic or the target server location :
[root@target prelink.conf.d]# mv /home/user/50-nss-softokn.conf . [root@target dracut.conf.d]# ls -al total 20 drwxr-xr-x. 2 root root 130 Feb 4 09:37 . drwxr-xr-x. 4 root root 236 Jul 16 2018 .. -rw-r--r--. 1 root root 524 Apr 11 2018 01-dist.conf -rw-r--r--. 1 root root 22 May 24 2018 01-microcode.conf -rw-r--r--. 1 root root 26 Apr 11 2018 02-rescue.conf -rw-r--r--. 1 root root 65 Feb 4 09:36 50-nss-softokn.conf -rw-r--r--. 1 root root 117 Apr 11 2018 76-phys-port-name.conf [root@target dracut.conf.d]#
Finally, the file with the name of 50-nss-softokn.conf exist.
Copy the third file, the module-setup.sh file
Check the availability of the third file which is the module-setup.sh file. It is done by checking the condition in the target or the problematic server location :
[root@target prelink.conf.d]# cd /usr/lib/dracut/ [root@target dracut]# ls dracut.conf.d dracut-functions dracut-functions.sh dracut-initramfs-restore dracut-init.sh dracut-install dracut-logger.sh dracut-version.sh modules.d skipcpio [root@target dracut]# cd modules.d/ [root@target modules.d]# ls -al total 16 drwxr-xr-x. 64 root root 4096 Feb 4 07:50 . drwxr-xr-x. 4 root root 236 Jul 16 2018 .. drwxr-xr-x. 2 root root 29 Jul 16 2018 00bash drwxr-xr-x. 2 root root 29 Jul 16 2018 00systemd-bootchart drwxr-xr-x. 2 root root 57 Jul 16 2018 03modsign drwxr-xr-x. 2 root root 29 Jul 16 2018 03rescue drwxr-xr-x. 2 root root 72 Jul 16 2018 04watchdog drwxr-xr-x. 2 root root 29 Jul 16 2018 05busybox drwxr-xr-x. 2 root root 111 Jul 16 2018 10i18n drwxr-xr-x. 2 root root 72 Jul 16 2018 30convertfs .... drwxr-xr-x. 2 root root 227 Jul 16 2018 99kdumpbase drwxr-xr-x. 2 root root 48 Jul 16 2018 99shutdown drwxr-xr-x. 2 root root 48 Jul 16 2018 99uefi-lib [root@target modules.d]#
Before copying the third file, create the folder to place the module-setup.sh file in the target or the problematic server location :
[root@source modules.d]# mkdir 05nss-softokn [root@source modules.d]# chmod -Rv 755 05nss-softokn/ mode of ‘05nss-softokn/’ retained as 0755 (rwxr-xr-x) [root@source modules.d]# cd 05nss-softokn/ [root@source 05nss-softokn]# ls -al total 4 drwxr-xr-x. 2 root root 6 Feb 4 09:34 . drwxr-xr-x. 65 root root 4096 Feb 4 09:34 .. [root@source 05nss-softokn]#
Afterwards, just continue the above step to copy the third file. Certainly it is for copying the module-setup.sh file to the target or the problematic server :
[root@source 05nss-softokn]# scp 05nss-softokn/module-setup.sh [email protected]:/home/user [email protected]'s password: module-setup.sh 100% xxxxx xxxx/s 00:00 [root@source 05nss-softokn]#
In the end, don’t forget to check the problematic server after copying the third file. Obviously to check the availability of that file :
[root@target 05nss-softokn]# ls [root@target 05nss-softokn]# mv /home/user/module-setup.sh . [root@target 05nss-softokn]# ls -al total 8 drwxr-xr-x. 2 root root 29 Feb 4 09:35 . drwxr-xr-x. 65 root root 4096 Feb 4 09:34 .. -rw-r--r--. 1 root root 293 Feb 4 09:34 module-setup.sh [root@target 05nss-softokn]#
Copy the rest of the files, the libfreebl3.so, libfreebl3.chk, libfreeblpriv3.chk and libfreeblpriv3.so files
As the previous steps, check first the condition of the target or the problematic server before copying all those files :
[root@target lib64]# ls -al total 62072 dr-xr-xr-x. 40 root root 20480 Feb 4 09:40 . drwxr-xr-x. 15 root root 188 Jul 30 2018 .. drwxr-xr-x. 2 root root 6 Jun 10 2014 apr-util-1 drwxr-xr-x. 2 root root 28 Jul 16 2018 audit ... -r-xr-xr-x. 1 root root 356120 Apr 11 2018 libdevmapper.so.1.02 ... -rwxr-xr-x. 1 root root 72192 Sep 7 2017 libformw.so.5.9 ... -rwxr-xr-x. 1 root root 535064 Aug 2 2017 libgcrypt.so.11.8.2 ... -rwxr-xr-x. 1 root root 339104 Apr 11 2018 libgobject-2.0.so.0.5400.2 ... drwxr-xr-x. 2 root root 4096 Jul 16 2018 xtables [root@target lib64]#
In the above output, there are no related files with the nss-softokn-freebl package. So, copy all of those files from the source server to the target or problematic server :
[root@localhost dracut.conf.d]# cd /usr/lib64/ [root@localhost lib64]# scp libfreebl3.so libfreebl3.chk libfreeblpriv3.so libfreeblpriv3.chk [email protected]'s password: libfreebl3.so 100% xxxxx xxxx/s 00:00 libfreebl3.chk 100% xxxxx xxxx/s 00:00 libfreeblpriv3.so 100% xxxxx xxxx/s 00:00 libfreeblpriv3.chk 100% xxxxx xxxx/s 00:00 [root@localhost lib64]#
Last but not least, below is the last output in this article. Mainly, it is to make sure the content in the target or the problematic server. Look for the libfreebl3.chk, libfreebl3.so, libfreeblpriv3.chk and libfreeblpriv3.so file whether it exist in it or not :
[root@localhost lib64]# ls -al total 62072 dr-xr-xr-x. 40 root root 20480 Feb 4 09:40 . drwxr-xr-x. 15 root root 188 Jul 30 2018 .. drwxr-xr-x. 2 root root 6 Jun 10 2014 apr-util-1 drwxr-xr-x. 2 root root 28 Jul 16 2018 audit ... -rwxr-xr-x. 1 root root 72192 Sep 7 2017 libformw.so.5.9 -rw-r--r--. 1 root root 899 Feb 4 09:39 libfreebl3.chk -rwxr-xr-x. 1 root root 11448 Feb 4 09:04 libfreebl3.so -rw-r--r--. 1 root root 899 Feb 4 09:39 libfreeblpriv3.chk -rw-r--r--. 1 root root 551840 Feb 4 09:39 libfreeblpriv3.so ... drwxr-xr-x. 2 root root 4096 Jul 16 2018 xtables [root@localhost lib64]#
Finishing the solution
Finally, restart the ssh server and remote the problematic or the target server again for final testing.