Addendum -- Security updates have made me too secure?
I just received my security update message, and the logs on the gateway
state: "sshd[xxxx]: Faking authloop for illegal user root"
Chris.
--- Chris Clarke
Help!
I have an x86 SUSE 6.1 system running as a gateway/firewall/DNS. There is no keyboard or monitor physically attached to the system, and logons are disabled on the machine. I access it remotely via openSSH, using a root login. This has worked fine for several months now.
Today I installed the following security updates: shlibs-2000.9.5-0.i386.rpm libc-2000.9.5-0.i386.rpm libd-2000.9.5-0.i386.rpm nkitb-2000.7.11-0.i386.rpm
The system is as stock a SuSE as you can get. The only things installed on it are official SuSE RPMs, and SuSEConfig is configured to run.
I just tried to log into it using openssh (1.2.3-12, yes I know there are problems in that version), and when I typed in the root password got told "Permission denied, please try again"!
As there is no keyboard / monitor on the machine I don't know if this is an ssh problem, or a more general problem. Does anyone know what might have happened to this system, and is there any way I can get back into it?
Some things I can note: 1) Most things appear to be running fine, as my other computers have no problems with routing or DNS resolution through the gateway, and 2) OpenSSH is definitely starting, because I get asked for a password.
Thanks, Chris.
===== Chris Clarke stcanard@yahoo.com "Whenever two or three are gathered together, then they shall perform the parrot sketch" -- The Comic Messiah
Chris Clarke wrote:
I just received my security update message, and the logs on the gateway state: "sshd[xxxx]: Faking authloop for illegal user root"
Chris.
This makes me think... There is a rc.config parameter to disable/enable remote root logins. I do not know whether that affects ssh as well and whether it is "updated" to "no" with the security fix. Any other user to try to login but root??? (probably a superfluous question for a machine like this)
Juergen
-- Juergen Braukmann juergen.braukmann@gmx.de Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu
It's /etc/securetty actually. Anything that uses login will reference this file. There is however an option for sshd_conf that will allow root to log in: PermitRootLogin Yes
-miah
On Thu, Nov 16, 2000 at 06:19:48PM +0100, juergen.braukmann@ruhr-west.de wrote:
Chris Clarke wrote:
I just received my security update message, and the logs on the gateway state: "sshd[xxxx]: Faking authloop for illegal user root"
Chris.
This makes me think... There is a rc.config parameter to disable/enable remote root logins. I do not know whether that affects ssh as well and whether it is "updated" to "no" with the security fix. Any other user to try to login but root??? (probably a superfluous question for a machine like this)
Juergen
-- Juergen Braukmann juergen.braukmann@gmx.de Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Have you checked /etc/ssh/sshd_config or /etc/sshd_config depending on what ssh you're using? You may have the line: PermitRootLogin no instead of being set to yes.
On Thu, 16 Nov 2000 juergen.braukmann@ruhr-west.de wrote:
Chris Clarke wrote:
I just received my security update message, and the logs on the gateway state: "sshd[xxxx]: Faking authloop for illegal user root"
Chris.
This makes me think... There is a rc.config parameter to disable/enable remote root logins. I do not know whether that affects ssh as well and whether it is "updated" to "no" with the security fix. Any other user to try to login but root??? (probably a superfluous question for a machine like this)
Juergen
-- Juergen Braukmann juergen.braukmann@gmx.de Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu
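Added example, not part of the original thread or of any SuSE or OpenSSH tooling: a read-only check of which PermitRootLogin value takes effect in the sshd_config paths named in the replies above. It relies on two sshd_config rules: keywords are case-insensitive, and the first occurrence of a keyword wins. The function names and the sample config are constructed for illustration; the parser assumes whitespace-separated "keyword value" lines and looks only at the global section (it stops at a Match block).

```shell
#!/bin/sh
# Print the effective global PermitRootLogin value from one sshd_config file.
# Output: the lowercased value, or "unset" if the keyword is absent.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == "permitrootlogin" {  # first occurrence wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Try candidate paths in order and report on the first readable one.
check_root_login() {
    for cfg in "$@"; do
        [ -r "$cfg" ] || continue
        val=$(effective_permit_root_login "$cfg")
        case "$val" in
            yes)   verdict="root may log in with a password" ;;
            no)    verdict="root logins are refused" ;;
            unset) verdict="not set, compiled-in default applies" ;;
            *)     verdict="root login is restricted" ;;
        esac
        printf '%s: PermitRootLogin=%s (%s)\n' "$cfg" "$val" "$verdict"
        return 0
    done
    echo "no readable sshd_config found"
    return 1
}

# Constructed sample: a commented-out "yes", then "no", then a later "yes".
# The "no" line is the one sshd would honour.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PermitRootLogin yes
Port 22
  permitrootlogin NO
PermitRootLogin yes
EOF
check_root_login /nonexistent/sshd_config "$sample"
rm -f "$sample"
```

On a real host the call would be `check_root_login /etc/ssh/sshd_config /etc/sshd_config`, run from an account that can read the file.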
participants (4)
- Chris Clarke
- jjohnson@penguincomputing.com
- juergen.braukmann@ruhr-west.de
- semat