Re: OpenSSH anomaly

From: Benjamin Franz (snowhare_at_nihongo.org)
Date: 02/22/04

  • Next message: Mike Hoskins: "Re: OpenSSH anomaly"
    Date: Sun, 22 Feb 2004 11:21:27 -0800 (PST)
    To: incidents@securityfocus.com
    
    

    On Sun, 22 Feb 2004, Paul Schmehl wrote:

    > --On Sunday, February 22, 2004 9:45 AM -0800 Benjamin Franz
    > <snowhare@nihongo.org> wrote:
    >
    > >
    > > I'm running a RedHat Enterprise 3 ES server that has been running fairly
    > > reliably for a month. This morning we could not remotely login to the
    > > server via SSH because openssh would terminate the connection immediately
    > > (no delay) after apparently successfully logging in - without giving a
    > > prompt. We are current on patches up to Feb 1 with the exception of the
    > > kernel which is RHES 2.4.21-4.0.1.ELsmp. A console reboot succeeded in
    > > restoring connectivity. We couldn't find any footprints in any log or any
    > > suspicious file activity. No record of the failed logins (we attempted
    > > using both pubkey and password) were in the logs. The openssh version is
    > > RedHat's 3.6.1p2-18.
    > >
    > > Has anyone else seen something similar?
    > >
    > Sounds like tcpwrappers was rejecting the login. Check /var/log/messages
    > to see if the reverse lookup on the remote IP was failing. If it was, you
    > might have to add that IP to the /etc/hosts.allow file.

    No messages at all in /var/log/messages (or /var/log/secure) related to
    sshd at all with the exception of a bad protocol version id complaint in
    /var/log/secure caused when I tried a telnet to port 22 during the
    not-working period of time.

    -- 
    Jerry
    On that of which one cannot speak, one must remain silent.
                                       ---Wittgenstein