[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] ssh stopped working and can't login as root

Subject: Re: [cobalt-users] ssh stopped working and can't login as root
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri Feb 22 04:35:33 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Thu, 21 Feb 2002, Jane Meeker wrote:
<snip>
> Two days ago SSH stopped working.  I turned on telnet and I can telnet
in  > but not as root.
> 
> In the logs I see this:
> 
> Feb 19 20:40:24 www sshd2[18319]: WARNING: Host key pair is not specified, 
> trying to use default 'hostkey'.
> Feb 19 20:40:24 www sshd2[18319]: Listener created on port 22.
> Feb 19 20:40:24 www sshd2[18325]: Daemon is running.
> Feb 19 20:40:48 www sshd2[18326]: Local disconnected: Illegal protocol 
> version.
> Feb 19 20:40:48 www sshd2[18326]: protocol version not supported in local: 
> 'Illegal protocol version.'
> AND
> Any idea what these accounts are for?
> dns:x:500:500::/home/dns:/bin/bash
> tcp:x:0:0::/bin:/bin/bash

The tcp accouunt is running with root provlidges
For the record,
Which version of ssh are  (were) you runing?
Which version of bind are you running?
What does netstat -tupan look like?, and strange processes running?

It looks to me like you may have been hacked.
Do you have chkrootkit installed?
If so run it and you may get more information.

--
Gerald Waugh

References:
- [cobalt-users] ssh stopped working and can't login as root
  - From: Jane Meeker

Prev by Date: [cobalt-users] Qube 3 using LDAP as address book?
Next by Date: Re: [cobalt-users] ssh stopped working and can't login as root
Previous by thread: Re: [cobalt-users] ssh stopped working and can't login as root
Next by thread: Re: [cobalt-users] ssh stopped working and can't login as root

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index