Re: incidents Digest 22 Feb 2004 13:01:58 -0000 Issue 515

Adrian.S.Howchin_at_transport.qld.gov.au
Date: 02/23/04

  • Next message: AJ Cochenour: "FW: OpenSSH anomaly" 
    To: incidents@securityfocus.com
Date: Mon, 23 Feb 2004 13:40:05 +1000

    incidents-digest-help@securityfocus.com on 22/02/2004 11:01:58 PM

    To: incidents@securityfocus.com
    cc:
    Subject: incidents Digest 22 Feb 2004 13:01:58 -0000 Issue 515

    My only thought is the plain obvious stuff, eg. did the user (you attempted
    to log in as) have permission to their home directory? I recently found a
    similar thing happening to me, although granted this was with VSFTPD, not
    openssh...

    HTH,
    Adrian

    <Standard "This mans' opinion does not represent our companys'
    opinion...unless you like what he says, then we told him to say it!"
    disclaimer>

    Date: Sun, 22 Feb 2004 09:45:27 -0800 (PST)
    From: Benjamin Franz <snowhare@nihongo.org>
    To: incidents@securityfocus.com
    Subject: OpenSSH anomaly
    Message-ID:
    <Pine.LNX.4.44.0402220936480.16429-100000@high-mountain.nihongo.org>
    MIME-Version: 1.0
    Content-Type: text/plain; charset="us-ascii"

    I'm running a RedHat Enterprise 3 ES server that has been running fairly
    reliably for a month. This morning we could not remotely login to the
    server via SSH because openssh would terminate the connection immediately
    (no delay) after apparently successfully logging in - without giving a
    prompt. We are current on patches up to Feb 1 with the exception of the
    kernel which is RHES 2.4.21-4.0.1.ELsmp. A console reboot succeeded in
    restoring connectivity. We couldn't find any footprints in any log or any
    suspicious file activity. No record of the failed logins (we attempted
    using both pubkey and password) were in the logs. The openssh version is
    RedHat's 3.6.1p2-18.

    Has anyone else seen something similiar? 

    --
Benjamin Franz
On that of which one cannot speak, one must remain silent.
                                   ---Wittgenstein
************************************************************
Opinions contained in this e-mail do not necessarily reflect
the opinions of the Queensland Department of Main Roads,
Queensland Transport or Maritime Safety Queensland, or
endorsed organisations utilising the same infrastructure.
If you have received this electronic mail message in error,
please immediately notify the sender and delete the message
from your computer.
************************************************************
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_incidents_040219
----------------------------------------------------------------------------
  • Next message: AJ Cochenour: "FW: OpenSSH anomaly"