Could be a hardware problem:

suggestions, things to think about:

temperature failure (cpu fan, smps fan)? (hdtemp in smartctl package for temperature monitoring of drive)

voltage from smps marginal -> on ssh cpu use -> system glitch.

memory modules? -> press them in firmly. memtest86(+)

waking up from sleep -> power surge related issue?

Does the problem show if you already have an ssh session and you start doing stuff in it?


best
PJ

I have seen loack of entropy problems in the past affecting Solaris machines and the symptoms almost fit.

A good idea might be to enable telnet access - that should continue to work if the problem is SSH failure due to lack of numbers. (Obviously this is only an option if you're really on a trusted network, etc).

Hardware issues, as suggested above, might be more likely, but I guess if you could telnet in and not ssh then you've certainly learned something...

Steve

I have some more info.

This time I kept an active SSH session to the server and the problem happened sometime during the night again. Unfortunately, I am only logged in as a regular user, and I cannot su to root ( I type 'su' , "Password:" prompt appears, type my password, it hangs. I can type Ctrl+C to come back to bash prompt however )

Facts:

1) when I type 'ps aux' I can see a lot of hanging 'crond' processes
2) apart from the problem with logging in, the whole system appears to work normally.
3) Each time I try su'ing to root over the SSH session, I can see the following pop up on tty1:

audit(1212459844.653:196) : user pid=4535 uid=500 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: authentication acct="root" : exe="/bin/su" (hostname=?, addr=?, terminal=pts1, res=success)'

4) Each time I try logging in from the console, I can see the following pop up just below the hanging login attempt:

audit(1212459844.653:196) : user pid=4638 uid=0 auid=4291967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: authentication acct="root" : exe="/bin/login" (hostname=?, addr=?, terminal=tty3, res=success)'

5) the above 'audit' lines appear only if I type the correct password. If I type the incorrect one, the lines do not appear, but the system hangs in exactly the same way nonetheless.

It also doesn't seem to be a problem with overheating, or fan mulfunction.
'top' shows cpu usage 0.1%. Memory usage looks normal to me. Swap almost empty.
vmstat - looks normal.

Maybe it's something related to HDD mulfunction, but would that kind of problem exhibit itself only during logins? Seems to me that'd be highly improbable...

Is there some problem writing to /var/loag/auth.log (or the equivalent on CentOS)? SSH logins, cron and sudo all write to this on my default ubuntu install. Does CentOS limit the size of the /var/log directory in some way? Is /var mounted separately?

I had exactly the same (mysterious ?) problem on an IBM ThinkCenter A51 running under Fedora Core 6 (kernel 2.6.18).
The computer previously run perfectly (H24 7/7) under Fedora Core 3 ; the problem appeared when installing FC6 and last several weeks with unsuccessful investigations (no logs, random locking...).
It was solved (without explanation) by upgrading the kernel to version 2.6.20, available in the FC6 updates.
The same distribution with the same kernel (2.6.18) and configuration run perfectly on some other computers.
I think that you have a 2.6.18 kernel in CentOS 5.1 (like RHEL 5.1).
Does it mean that the 2.6.18 kernel running on certain kind of hardware is prone to locking ?