Security Incidents mailing list archives
Re: OpenSSH anomaly
From: Honza Vlach <janus () volny cz>
Date: Mon, 23 Feb 2004 09:57:29 +0100
Hello, I have experienced the same behaviour with latest openssh (3.7.1p2) once too. It was after a month or so of uptime. I logged in correctly, it even showed me the motd and that I have no new mail and dropped me back to my local console. I have checked the whole system, including md5 sums, but nothing has indicated a compromised host. Reboot solved it. It may be some very rare bug occuring under strange circumstances or something, I supose. The distribution was Slackware 8.0, updated by hand from source since then. Just to let you know, that I would love to hear the cause too ;) Have a nice day, Honza Vlach On Sun, Feb 22, 2004 at 09:45:27AM -0800, Benjamin Franz wrote:
Date: Sun, 22 Feb 2004 09:45:27 -0800 (PST) From: Benjamin Franz <snowhare () nihongo org> To: incidents () securityfocus com Subject: OpenSSH anomaly I'm running a RedHat Enterprise 3 ES server that has been running fairly reliably for a month. This morning we could not remotely login to the server via SSH because openssh would terminate the connection immediately (no delay) after apparently successfully logging in - without giving a prompt. We are current on patches up to Feb 1 with the exception of the kernel which is RHES 2.4.21-4.0.1.ELsmp. A console reboot succeeded in restoring connectivity. We couldn't find any footprints in any log or any suspicious file activity. No record of the failed logins (we attempted using both pubkey and password) were in the logs. The openssh version is RedHat's 3.6.1p2-18. Has anyone else seen something similiar?
Attachment:
_bin
Description:
Current thread:
- OpenSSH anomaly Benjamin Franz (Feb 22)
- Re: OpenSSH anomaly Paul Schmehl (Feb 22)
- Re: OpenSSH anomaly Benjamin Franz (Feb 22)
- Re: OpenSSH anomaly Mike Hoskins (Feb 22)
- Re: OpenSSH anomaly Will Tipton (Feb 23)
- Re: OpenSSH anomaly Benjamin Franz (Feb 23)
- Re: OpenSSH anomaly Honza Vlach (Feb 23)
- Re: OpenSSH anomaly Tavis Paquette (Feb 23)
- <Possible follow-ups>
- FW: OpenSSH anomaly AJ Cochenour (Feb 23)
- RE: OpenSSH anomaly GUSAIN,SUBODH (HP-Canada,ex1) (Feb 24)
- Re: OpenSSH anomaly Paul Schmehl (Feb 22)