IBM Support

QRadar: SSHD Service Cannot Start After Upgrade

Troubleshooting


Problem

Custom modifications in /etc/ssh/sshd_config can leave SSH connections unavailable after a QRadar upgrade. During server boot, an error message on the server console reports that the sshd server failed to start because of an error in sshd_config.

Symptom

The following error is displayed on the QRadar appliance console screen during boot time:

Starting sshd: /etc/ssh/sshd_config line 147: Directive 'Ciphers' is not allowed within a Match block

Also, there is no SSH access to the QRadar appliance once it has booted.

Resolving The Problem

You need console access to the QRadar appliance, for example IMM (IBM Integrated Management Module) Remote Access for IBM xSeries servers. You should be familiar with editing text files in a Linux environment.

1. Log in as the root user.

2. Open the /etc/ssh/sshd_config file in a text editor of your choice, for example, vi or nano.

3. At the end of this file there should be two lines starting with the Ciphers and MACs directives. Move them up in this file so they appear above any Match directives.

4. Save the file and exit the editor.

5. Restart the SSHD service using the following command:

service sshd restart

The service should start successfully, and you should now have a working SSH connection.
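The edit in steps 3 to 5 can also be checked and applied with a script. The shell functions below are an added example, not IBM tooling; the function names, the sample configuration and the user name scanuser are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate and relocate Ciphers/MACs lines that follow a Match line.
# Function names and the sample config (user "scanuser") are constructed.

# Constructed sample with the layout that triggers the boot-time error.
sample_config() {
    cat <<'EOF'
Port 22
Match User scanuser
    X11Forwarding no
Ciphers aes128-ctr,aes256-ctr
MACs hmac-sha2-256
EOF
}

# Print "line: text" for every Ciphers/MACs directive after the first Match.
find_misplaced() {
    awk '
        { key = tolower($1) }
        key == "match" { in_match = 1; next }
        in_match && (key == "ciphers" || key == "macs") { print NR ": " $0 }
    ' "$1"
}

# Write a corrected copy to stdout: misplaced directives are emitted just
# above the first Match line; all other lines keep their order.
fix_order() {
    awk '
        { key = tolower($1) }
        NR == FNR {                       # pass 1: collect misplaced lines
            if (key == "match") in_match = 1
            else if (in_match && (key == "ciphers" || key == "macs")) moved[++n] = $0
            next
        }
        key == "match" && !done {         # pass 2: emit them before first Match
            for (i = 1; i <= n; i++) print moved[i]
            done = 1
        }
        seen_match && (key == "ciphers" || key == "macs") { next }
        key == "match" { seen_match = 1 }
        { print }
    ' "$1" "$1"
}

# On the appliance console, as root:
#   cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#   fix_order /etc/ssh/sshd_config.bak > /etc/ssh/sshd_config
#   sshd -t && service sshd restart    # -t checks the config before restarting
```

Running find_misplaced against the file before editing shows which lines sshd will reject, and an empty result afterwards confirms the directives are back in the global section.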



Product: IBM Security QRadar SIEM
Component: Upgrade
Platform: Linux
Version: 7.2; 7.3

Document Information

Modified date:
16 June 2018

UID

swg21969116