Re: OpenSSH anomaly
From: Tavis Paquette (tavis.lists_at_galaxytelecom.net)
Date: 02/23/04
- Previous message: Honza Vlach: "Re: OpenSSH anomaly"
- In reply to: Benjamin Franz: "OpenSSH anomaly"
- Next in thread: GUSAIN,SUBODH (HP-Canada,ex1): "RE: OpenSSH anomaly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Feb 2004 05:25:10 -0800 To: incidents@securityfocus.com
Benjamin Franz wrote:
>I'm running a RedHat Enterprise 3 ES server that has been running fairly
>reliably for a month. This morning we could not remotely login to the
>server via SSH because openssh would terminate the connection immediately
>(no delay) after apparently successfully logging in - without giving a
>prompt. We are current on patches up to Feb 1 with the exception of the
>kernel which is RHES 2.4.21-4.0.1.ELsmp. A console reboot succeeded in
>restoring connectivity. We couldn't find any footprints in any log or any
>suspicious file activity. No record of the failed logins (we attempted
>using both pubkey and password) were in the logs. The openssh version is
>RedHat's 3.6.1p2-18.
>
>Has anyone else seen something similiar?
>
>
>
I've encountered behaviour similar to this in an unrelated
configuration, it involved the use of PAM and the pam-limits.so module
with it you can limit (among other things) the maximum amount of
concurrent logins for a specific account
This is how openssh behaves when the limit has been reached, the
assumption here is that the password has been entered correctly.
--- reticent@cynosure| ssh admin@192.168.xxx.xxx Password: Connection to 192.168.xxx.xxx closed by remote host. Connection to 192.168.xxx.xxx closed. --- You may want to look at your pam configuration for sshd if indeed your system uses PAM (i'm not a redhat user so i cannot provide references to config file locations) tavis --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_incidents_040219 ----------------------------------------------------------------------------
- Previous message: Honza Vlach: "Re: OpenSSH anomaly"
- In reply to: Benjamin Franz: "OpenSSH anomaly"
- Next in thread: GUSAIN,SUBODH (HP-Canada,ex1): "RE: OpenSSH anomaly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
