Applies to: Centrify-enabled OpenSSH 5.9p1-4.5.3.557 on RedHat Enterprise Linux 4 update 8.
Problem:
OpenLDAP is configured with SSL enabled and Centrify DirectControl on the same Linux server.
However a segfault error is reported while attempting an SSH connection:
Oct 17 16:16:44 server1 centrify-sshd: SSH Server Stopped succeeded
Oct 17 16:16:57 server1 sshd: succeeded
Oct 17 16:17:10 server1 sshd(pam_unix)[22781]: authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=testmachine.abc.com user=ABC
Oct 17 16:17:12 server1 sshd(pam_unix)[22781]: session opened for user ABC
by (uid=0)
Oct 17 16:17:28 server1 sshd: sshd -TERM succeeded
Oct 17 16:17:33 server1 sshd[22975]: Server listening on :: port 22.
Oct 17 16:17:33 server1 sshd[22975]: Server listening on 0.0.0.0 port 22.
Oct 17 16:17:36 server1 sshd(pam_unix)[22781]: session closed for user ABC
Oct 17 16:18:31 server1 sshd(pam_unix)[22986]: authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=testmachine.abc.com user=ABC
Oct 17 16:18:31 sdtstem01 kernel: sshd[22986]: segfault at 0000000000000020 rip
0000002a95ba8a0d rsp 0000007fbfffe0b0 error 4
Cause:
There is a compatibility issue with the system's libssl.
Workaround:
Preload Centrify's libssl before running the SSH daemon.
Please edit /etc/init.d/centrify-sshd and insert a line before line 94 (i.e. Before starting centrify-sshd):
export LD_PRELOAD=/usr/share/centrifydc/lib64/libssl.so
Save the file and then restart centrify-sshd:
/etc/init.d/centrify-sshd restart
Resolution:
There is a static link libssl in latter releases (Centrify-enabled OpenSSH 6.0p1)