Re: wierd ssh failure

From: Bruce Albrecht (bruce@zuhause.mn.org)
Date: 01/26/01


From: Bruce Albrecht <bruce@zuhause.mn.org>
Date: Fri, 26 Jan 2001 14:30:44 -0600 (CST)
To: freebsd-security@FreeBSD.ORG

Matt Dillon writes:
> :I was trying to log onto my FreeBSD box today from work via ssh after
> :an ssh session apparently terminated, and for about 5 minutes I was
> :getting an error something like "User does not exist! Go away!".
> :Since this is not normal behaviour for ssh, does anyone have any idea
> :what might have happened? Could someone be doing a man-in-the-middle
> :attack on me?
> :
>
> ssh has a really ridiculously low default connections/second limit,
> you might have hit that (or maybe not, I don't get 'user does not exist'
> errors when I overrun it). Look in your /etc/ssh/sshd_config.
>
> The limit has been depreciated (removed) in -current and -stable, but
> was present in 4.2-REL. Here's what I get:
>

I forgot to mention that I'm running 4.2-stable (circa last week).
When I ran strings on sshd, I couldn't find the message that I got
from ssh, which is why I'm wondering if this was a temporary routing
error, or an attempt to do a man-in-the-middle attack.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message