Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.
Problem description
This article describes the error messages similar to the following in command line or secure log files when the SSH service is started on a Linux ECS instance.
- Error while loading shared libraries: libcrypto. so.10: cannot open shared object file: No such file or directory.
- PAM unable to dlopen (/usr/lib64/security/pam_tally.so):/usr/lib64/security/pam_tally.so: cannot open shared object file: No such file or directory.
Causes
The operation of SSH service depends on the relevant system library files. This problem is usually caused by exceptions in related library files, such as file loss or permission configuration exceptions.
Solution
This article uses the libcrypto. so.10 library file exception as an example to describe how to handle other library files in a similar way.
View information about related library files
- Log on to a normal server and run the following command to view the libcrypto. so.10 file.
Ll/usr/lib64/libcrypto. so.10
A similar output is displayed, indicating that the libcrypto. so.10 library file is a soft link of the libcrypto. so.1.0.1e library file.lrwxrwxrwx. 1 root root 19 Jan 8 12:40 /usr/lib64/libcrypto.so.10 -> libcrypto.so.1.0.1e
- Run the following command to view the libcrypto. so.1.0.1e file.
ll /usr/lib64/libcrypto.so.1.0.1e
A similar output is displayed.-rwxr-xr-x. 1 root root 1965856 Jan 8 03:22 /usr/lib64/libcrypto.so.1.0.1e
- Record the path, permissions, group, and other information of normal library files, and then try to handle it by referring to the following method.
Search for and replace files
You can perform the following steps to check whether there are other valid library files in the system.
- Log on to an ECS instance. For more information about how to log on to an ECS instance, see Connect to a Linux instance by using a management Terminal.
- Run the following command to find the libcrypto. so.1.0.1e file.
Find/-name libcrypto. so.1.0.1e
- Run the following command to copy the files found to a normal Directory.
cp [$File] /usr/lib64/libcrypto.so.1.0.1e
Note: [$File] is the absolute path of the libcrypto. so.1.0.1e library File found in the previous step.
- Run the following commands in sequence to modify file permissions, owner, and group.
chmod 755 /usr/lib64/libcrypto.so.1.0.1e
chown root:root /usr/lib64/libcrypto.so.1.0.1e - Run the following command to create a soft link:
ln -s /usr/lib64/libcrypto.so.1.0.1e /usr/lib64/libcrypto.so.10
- Run the following command to start FTP:
service sshd start
External file Upload
If you have not found a valid libcrypto. so.1.0.1e library file by following the preceding steps. However, the FTP service in the system runs normally, you can upload the normal libcrypto. so.1.0.1e file to the server by following these steps and try to restore the service.
- Use FTP to upload the libcrypto. so.1.0.1e library files from other normal servers to
/Tmp
Directory.Tips: Upload to the Directory of the target server based on the actual environment.
/Tmp
Directory as an example. - Run the following command to copy the file to a normal Directory.
cp /tmp/libcrypto.so.1.0.1e /usr/lib64/libcrypto.so.1.0.1e
- Run the following commands in sequence to modify file permissions, owner, and group.
chmod 755 /usr/lib64/libcrypto.so.1.0.1e
chown root:root /usr/lib64/libcrypto.so.1.0.1e - Run the following command to create a soft link:
ln -s /usr/lib64/libcrypto.so.1.0.1e /usr/lib64/libcrypto.so.10
- Run the following command to start FTP:
service sshd start
Restore a disk by rolling back the disk
If none of the preceding methods are successful, you must roll back the historical snapshots of the system disk. For more information about how to roll back a disk, see Roll back a disk.
Note:
- Snapshot rollback will cause data loss after Rollback. Please confirm before performing this operation.
- We recommend that you roll back the snapshots one by one from near to far until the SSH service runs properly. If the SSH service cannot run normally after the rollback, it indicates that the system has encountered an exception at the corresponding time point.
References
If you have any questions, see Guidelines for troubleshooting failed remote logon through SSH in Elastic Compute Service Linux further troubleshooting and analysis.
Application scope
- ECS