SSH authentication failure: cannot open shared object file after Cloud Linux is removed

After removing Cloud Linux, SSH authentication may fail and show the following error.

Dec  1 11:36:08 server sshd[299734]: error: PAM: pam_open_session(): Module is unknown

Running the SSH autofixer to restart SSH on port 23

https://<server ip>:2087/scripts2/doautofixer?autofix=safesshrestart

Log in to WHM with the username 'root' and the server root password. The autofixer will run as follows:

AutoFixer Execution

Requesting script ...

Done.


Executing script ...


Attempting to locate sshd binaries installed on the system ...

Located /usr/sbin/sshd

Done.

Killing existing sshd processes...

Stopping sshd: [  OK  ]


killed 2556 killed 2563 killed 10916 killed 10925 killed 94623 killed 
94627 killed 278734 killed 278736 killed 319973 killed 319975 killed 
324278 killed 324280 killed 340955 killed 340960 killed 344881 killed 
344882 killed 389410 killed 389412 killed 393402 killed 393406 killed 
411959 killed 411961 killed 522629 killed 522636 killed 561774 killed 
561782 killed 582441 killed 582454 killed 607163 killed 607190 killed 
648113 killed 648114 killed 662296 killed 662297 killed 697069 killed 
697071 killed 698563 killed 698564 killed 811792 killed 811793 killed 
912117 killed 912142 killed 914249 killed 914257 Done.

Attempting to locate available port ...

port 22 is already in use

configuring sshd to run on port 23

/usr/sbin/sshd successfully started!

root      306012  0.0  0.0  64816  1292 ?        Ss   11:38   0:00 /usr/sbin/sshd -f /var/cpanel/safe_sshd
Done.

Diagnosing the issue

SSH to the server on the port the autofixer reported as the running port (“configuring sshd to run on port 23”). If your firewall does not have this port open, open it for your IP.

Once logged in you can review the secure log which holds the log for sshd to see the issue:

root@server [/var/log]# grep PAM /var/log/secure
Dec  1 11:36:07 server sshd[299734]: PAM unable to dlopen(/lib64/security/pam_lve.so)

First, confirm that this module does not exist with the following command:

# stat /lib64/security/pam_lve.so
stat: cannot stat `/lib64/security/pam_lve.so': No such file or directory

If we check the version of sshd, you can see it's a standard RPM. The underlying cause is that this PAM (Pluggable Authentication Module) module, left over from Cloud Linux's LVE feature, is still called in the pam.d config:

# rpm -qi openssh-server
Name        : openssh-server               Relocations: (not relocatable)
Version     : 4.3p2                             Vendor: CentOS
Release     : 82.el5                        Build Date: Wed 22 Feb 2012 08:04:57 AM PST
Install Date: Thu 08 Mar 2012 02:41:26 AM PST      Build Host: builder10.centos.org
Group       : System Environment/Daemons    Source RPM: openssh-4.3p2-82.el5.src.rpm
Size        : 491029                           License: BSD
Signature   : DSA/SHA1, Wed 22 Feb 2012 10:46:31 AM PST, Key ID a8a447dce8562897
URL         : http://www.openssh.com/portable.html
Summary     : The OpenSSH server daemon
Description :
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server. You also need to have the openssh
package installed.

Fixing the issue

View the contents of the PAM config file that calls the module with the following command:

cat /etc/pam.d/sshd

You will see the following:

# cat /etc/pam.d/sshd
#%PAM-1.0
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    required     pam_loginuid.so

auth       required     pam_shells.so
session      required      pam_lve.so      500      0

Remove the pam_lve.so line, or comment it out with your favorite editor (vi, nano, etc.) by adding # in front of it:

# session required pam_lve.so

Then restart SSH:

service sshd restart
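
The same leftover reference can sit in other files under /etc/pam.d, not only sshd. The following is an added example, not part of the original article: it generalizes the stat check above to every module named in a pam.d directory. The function names and the demo's scratch directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Print "file:line: module" for every PAM module reference that cannot be found.
# Usage: find_missing_pam_modules PAM_DIR MODULE_DIR [MODULE_DIR...]
find_missing_pam_modules() {
    pam_dir=$1; shift
    for conf in "$pam_dir"/*; do
        [ -f "$conf" ] || continue
        # Strip comments; include/substack lines have no *.so token and are skipped.
        awk '{ sub(/#.*/, "")
               for (i = 1; i <= NF; i++)
                   if ($i ~ /\.so$/) { print NR, $i; break } }' "$conf" |
        while read -r lineno module; do
            found=no
            case $module in
                /*) if [ -e "$module" ]; then found=yes; fi ;;   # absolute path
                *)  for dir in "$@"; do                          # bare module name
                        if [ -e "$dir/$module" ]; then found=yes; break; fi
                    done ;;
            esac
            [ "$found" = yes ] || echo "$conf:$lineno: $module"
        done
    done
}

# Constructed demo: the article's sshd file plus a stand-in module dir without pam_lve.so.
demo_missing_pam_lve() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/pam.d" "$tmp/security"
    for m in pam_nologin pam_keyinit pam_loginuid pam_shells; do
        : > "$tmp/security/$m.so"
    done
    cat > "$tmp/pam.d/sshd" <<'EOF'
#%PAM-1.0
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    required     pam_loginuid.so

auth       required     pam_shells.so
session      required      pam_lve.so      500      0
EOF
    (cd "$tmp" && find_missing_pam_modules pam.d security)
    rm -rf "$tmp"
}
[ "$#" -lt 2 ] || find_missing_pam_modules "$@"   # e.g. /etc/pam.d /lib64/security
```

Run it with the pam.d directory and the module directory as arguments; any line it prints names a config file and line number that still call a module missing from disk.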