Re: OpenSSH anomaly

From: Tavis Paquette (tavis.lists_at_galaxytelecom.net)
Date: 02/23/04

  • Next message: Benjamin Franz: "Re: OpenSSH anomaly"
    Date: Mon, 23 Feb 2004 05:25:10 -0800
    To: incidents@securityfocus.com
    
    

    Benjamin Franz wrote:

    >I'm running a RedHat Enterprise 3 ES server that has been running fairly
    >reliably for a month. This morning we could not remotely login to the
    >server via SSH because openssh would terminate the connection immediately
    >(no delay) after apparently successfully logging in - without giving a
    >prompt. We are current on patches up to Feb 1 with the exception of the
    >kernel which is RHES 2.4.21-4.0.1.ELsmp. A console reboot succeeded in
    >restoring connectivity. We couldn't find any footprints in any log or any
    >suspicious file activity. No record of the failed logins (we attempted
    >using both pubkey and password) were in the logs. The openssh version is
    >RedHat's 3.6.1p2-18.
    >
    >Has anyone else seen something similiar?
    >
    >
    >
    I've encountered behaviour similar to this in an unrelated
    configuration, it involved the use of PAM and the pam-limits.so module
    with it you can limit (among other things) the maximum amount of
    concurrent logins for a specific account

    This is how openssh behaves when the limit has been reached, the
    assumption here is that the password has been entered correctly.

    ---
    reticent@cynosure| ssh admin@192.168.xxx.xxx
    Password:
    Connection to 192.168.xxx.xxx closed by remote host.
    Connection to 192.168.xxx.xxx closed.
    ---
    You may want to look at your pam configuration for sshd if indeed your 
    system uses PAM (i'm not a redhat user so i cannot provide references to 
    config file locations)
    tavis
    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.
    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.
    Download 30-day evaluation at:
    http://www.securityfocus.com/sponsor/Astaro_incidents_040219
    ----------------------------------------------------------------------------
    

  • Next message: Benjamin Franz: "Re: OpenSSH anomaly"

    Relevant Pages

    • Re: MS Access LDB file (lock) and INSERT Failure
      ... > Access automatically creates an ldb when you open a connection ... >> "INSERT INTO Logins ... >> When user logins in, I update the DB successfully as below: ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: Intermittent behavior connecting through Cisco 678 DSL modem
      ... > I've got opensshd running on a Suse 8.0 Linux box sitting on a LAN ... > which has a DSL internet connection via a Cisco 678 router. ... the Suse box has a Samba ... of openssh to be 3.4-p1 on the Suse box. ...
      (comp.security.ssh)
    • FW: OpenSSH connection Problem
      ... Subject: OpenSSH connection Problem ... general support queries. ... If you are not an intended recipient, you may not review, copy or ...
      (SSH)
    • Re: 2 SSH questions: why does it pause so much, and, can I keep connection alive?
      ... >I believe the server is behind a firewall. ... When a packet arrives, its source IP, ... then the connection is added to the state table. ... > Iım running OpenSSH 3.6.1 on Mac OSX. ...
      (comp.security.ssh)
    • Re: telnet vs Openssh
      ... Make a dialup connection to your server and check the differences, ... telnet is just fine. ... >>This may be why I am seeing a slow down in screen drawing with Openssh. ...
      (comp.unix.sco.misc)