Re: OpenSSH anomaly

[Honza Vlach <janus () volny cz>]

Hello,
I have experienced the same behaviour with latest openssh
(3.7.1p2) once too. It was after a month or so of uptime. I logged in
correctly, it even showed me the motd and that I have no new mail and
dropped me back to my local console. I have checked the whole system,
including md5 sums, but nothing has indicated a compromised host. Reboot solved
it. It may be some very rare bug occuring under strange circumstances or
something, I supose. The distribution was
Slackware 8.0, updated by hand from source since then.

Just to let you know, that I would love to hear the cause too ;)
Have a nice day,
Honza Vlach

On Sun, Feb 22, 2004 at 09:45:27AM -0800, Benjamin Franz wrote:
> Date: Sun, 22 Feb 2004 09:45:27 -0800 (PST)
> From: Benjamin Franz <snowhare () nihongo org>
> To: incidents () securityfocus com
> Subject: OpenSSH anomaly
>
>
> I'm running a RedHat Enterprise 3 ES server that has been running fairly
> reliably for a month. This morning we could not remotely login to the
> server via SSH because openssh would terminate the connection immediately
> (no delay) after apparently successfully logging in - without giving a
> prompt. We are current on patches up to Feb 1 with the exception of the
> kernel which is RHES 2.4.21-4.0.1.ELsmp. A console reboot succeeded in
> restoring connectivity. We couldn't find any footprints in any log or any
> suspicious file activity. No record of the failed logins (we attempted
> using both pubkey and password) were in the logs. The openssh version is
> RedHat's 3.6.1p2-18.
>
> Has anyone else seen something similiar?

Attachment: _bin
Description: