Re: trouble with OpenSSH_3.4p1

From: tilo (rufus.t.kremer@gmx.net)
Date: 06/29/02


From: tilo <rufus.t.kremer@gmx.net>
Date: Sat, 29 Jun 2002 06:09:38 +0200


where wrote:

> Hello,
>
> Ok..this is a linux box running kernel 2.4.18 with a few grsecurity mods ..none that include the option for users to not open sockets
> (just in case you ask)
>
> I have installed : sshd version OpenSSH_3.4p1
> I have sshd:sshd user/grp on my box as well as /var/empty owned by root:root
> drwx------ 2 root root 1024 Jun 27 14:54 empty/
> I used the following compile options:
> ./configure --with-md5-passwords --with-pam --with-tcp-wrappers --with-privsep-user=sshd
>
> I restarted sshd after the install..
>
> and here is what happens:
>
> this is the output as a user is connecting, prior to any passwd being entered:
>
> [root@0ff var]# ps waux | grep sshd | grep -v grep
> root 25429 0.0 0.1 2752 1344 ? S 15:12 0:00 sshd
> root 22683 0.3 0.2 3216 1780 ? S 17:33 0:00 sshd
> sshd 31252 1.5 0.2 2980 1688 ? S 17:33 0:00 sshd
> [root@0ff var]# lsof -p 31252
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> sshd 31252 root cwd DIR 3,5 1024 946359 /var/empty
> sshd 31252 root rtd DIR 3,5 1024 946359 /var/empty
>
> --
>
> Notice that the pid is owned by sshd, but an lsof of the file indicates that the open files are owned by root..
>
> This is inconsistent with what V3.3.p1 showed me under the same circumstances, and I'm guessing not what I want to be happening..
> I have a friend that has done exactly what I did, and his lsof of the pid shows the user as sshd..
>
> Any help to resolve this would be appreciated..thanks in advance
>
> list

i found that when i changed my passwords over a ssh connection, they would be different some time later.
i had syslog to one machine and also logging failed connections. on some of the machines the loopback traffic was firewalled, on some not.
i saw in my syslog various connection attempts from my resolver (of my DNS!) to ports which were normally used by ssh. some of them i.e.
127.0.0.1:53 -> 127.0.0.1:1032
on other boxes, they were also showing up in netstat -an
when i came to the machines directly, i could still log in using my original password.
time over time the contents of my sshd_config changed.
changed parameters:
PermitRootlogin yes
ChallengeResponseAuthentication yes
KbdInteractiveAuthentication yes (and one similar with pam)
on a debian box, i could use the usePrivseparation thing, but i’m not sure if it worked.

from here it looks a bit like i am not the only one who has shut his machines off...

grtx,
    t
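
The reply above names three sshd_config directives that changed over time. The following is an added example, not part of the original post: it reports which of those directives differ from a baseline, using sshd's documented rule that the first occurrence of a keyword is the one that applies. The baseline values and the sample config are assumptions constructed for illustration.

```python
import re

# Assumed baseline (not from the post): the values an admin expects to see.
BASELINE = {
    "permitrootlogin": "no",
    "challengeresponseauthentication": "no",
    "kbdinteractiveauthentication": "no",
}

LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")

def effective_settings(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        m = LINE.match(line)
        if not m:
            continue
        key = m.group(1).lower()          # keywords are case-insensitive
        if key == "match":
            break                         # conditional blocks: out of scope here
        value = m.group(2).strip().strip('"').lower()
        settings.setdefault(key, value)   # first occurrence wins, later ones ignored
    return settings

def drift(text, baseline=BASELINE):
    """Return {keyword: (expected, found)}; found is None when the keyword is
    unset and the compiled-in default applies (treated as separate keywords)."""
    current = effective_settings(text)
    return {k: (want, current.get(k))
            for k, want in baseline.items() if current.get(k) != want}

# Constructed sample config, not taken from any real host.
SAMPLE = """\
Port 22
PermitRootLogin yes
#ChallengeResponseAuthentication no
ChallengeResponseAuthentication = yes
permitrootlogin no
UsePrivilegeSeparation yes
"""

if __name__ == "__main__":
    for key, (want, found) in sorted(drift(SAMPLE).items()):
        print(f"{key}: expected {want!r}, found {found!r}")
```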


