Security Incidents mailing list archives
FW: OpenSSH anomaly
From: "AJ Cochenour" <ajc () ipervasive com>
Date: Sun, 22 Feb 2004 21:42:35 -0700
No input on cause, however *if* it exhibits these symptoms again run the following from the console: ps -auxwwf | grep ssh (to get PID) strace -p <PID> Then attempt another ssh session, strace should give a complete (if exhausting) accounting of events. aj -----Original Message----- From: Mike Hoskins [mailto:mike () adept org] Sent: Sunday, February 22, 2004 3:36 PM To: incidents () securityfocus com Subject: Re: OpenSSH anomaly On Sun, 22 Feb 2004, Benjamin Franz wrote:
I'm running a RedHat Enterprise 3 ES server that has been running
fairly
reliably for a month. This morning we could not remotely login to the server via SSH because openssh would terminate the connection
immediately
(no delay) after apparently successfully logging in - without giving a prompt.
did you by chance attempt doing an `ssh -v ...` to the host while it was exhibiting this behavior? the verbose debug output would at least let you see precisely what was happening wrt SSH when the disconnect occured. -m ------------------------------------------------------------------------ --- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_incidents_040219 ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_incidents_040219 ----------------------------------------------------------------------------
Current thread:
- OpenSSH anomaly Benjamin Franz (Feb 22)
- Re: OpenSSH anomaly Paul Schmehl (Feb 22)
- Re: OpenSSH anomaly Benjamin Franz (Feb 22)
- Re: OpenSSH anomaly Mike Hoskins (Feb 22)
- Re: OpenSSH anomaly Will Tipton (Feb 23)
- Re: OpenSSH anomaly Benjamin Franz (Feb 23)
- Re: OpenSSH anomaly Honza Vlach (Feb 23)
- Re: OpenSSH anomaly Tavis Paquette (Feb 23)
- <Possible follow-ups>
- FW: OpenSSH anomaly AJ Cochenour (Feb 23)
- RE: OpenSSH anomaly GUSAIN,SUBODH (HP-Canada,ex1) (Feb 24)
- Re: OpenSSH anomaly Paul Schmehl (Feb 22)