
Thread: WARNING: SSH exploit - upgrade information

  1. #1
    Join Date
    Jun 2003
    Location
    UK
    Posts
    2,326

    WARNING: SSH exploit - upgrade information

    As with all howto guides I provide, I take no responsibility; any damage that may occur to your server is your own responsibility. If you are worried about running the upgrade, I recommend you hire a server administrator.

    Latest OpenSSH exploit over the last 48 hours; more information regarding the exploit can be found here:

    http://slashdot.org/articles/03/09/1...id=126&tid=172

    to upgrade:

    login as admin
    su - to root

    # wget http://prowebuk.com/TEMP/DOWNLOADS/O...h-3.7p1.tar.gz

    BEFORE DOING ANY UPGRADES MAKE SURE YOU HAVE TELNET RUNNING, CONNECT AND KEEP A CONNECTION WHILST YOU PROCEED WITH THE UPGRADE.

    for DirectAdmin you should be able to enable telnet by doing the following:

    # pico -w /etc/xinetd.d/telnet
    change the line 'disable = yes' to 'disable = no'
    save the file and exit
    # service xinetd restart
    also make sure you have port 23 open in your firewall (if you have a firewall)


    OK, let's proceed with the upgrade

    # tar -zxvf openssh-3.7p1.tar.gz
    # cd openssh-3.7p1
    # ./configure --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/ssh --with-md5-passwords
    # make
    # make install

    # service sshd restart

    alternatively to restart use:

    # /sbin/service sshd restart

    open a new SSH window and make sure you can successfully connect to SSH... if everything is ok you will be able to disable telnet:

    # pico -w /etc/xinetd.d/telnet
    change the line 'disable = no' to 'disable = yes'
    save the file and exit
    # service xinetd restart

    If you have a firewall, make sure you block port 23 to stop telnet being accessed.

    Post if you have any problems

    Chris
    Last edited by ProWebUK; 09-17-2003 at 05:11 PM.
    OptimumServers » Managed Dedicated Servers & General Systems Management » Coming Soon!
    ProWebUK - Quality Web Services
    DirectAdmin Server Checklist

  2. #2
    Join Date
    May 2003
    Posts
    142
    You might want to configure OpenSSH with pam..

    And people upgrading from an older version of OpenSSH might need to add an sshd user..

    adduser sshd -s /sbin/nologin
    And then run make install again...

  3. #3
    Join Date
    Jun 2003
    Location
    UK
    Posts
    2,326
    i had the ssh user problem with another box... i will add the pam information now

  4. #4
    Join Date
    Jun 2003
    Posts
    1,471
    I'm having a slight problem:
    Code:
    [root@server1 root]# `echo -e /etc/xinetd.d/telnet`
    -bash: /etc/xinetd.d/telnet: No such file or directory
    
    [root@server1 xinetd.d]# locate telnet
    /usr/bin/telnet
    /usr/lib/python2.2/telnetlib.py
    /usr/lib/python2.2/telnetlib.pyc
    /usr/lib/python2.2/telnetlib.pyo
    /usr/lib/perl5/vendor_perl/5.8.0/URI/telnet.pm
    /usr/share/man/man1/telnet.1.gz
    /usr/share/terminfo/t/tgtelnet
    /usr/include/arpa/telnet.h
    Last edited by l0rdphi1; 09-17-2003 at 04:29 PM.
    Installatron Plugin is a native DirectAdmin plugin that provides you and your customers an intuitive interface to install, manage, upgrade, and backup/restore a premier collection of the best applications on the web, all instantly at the click of a button.

    Also: cPanel-to-DA converter, Bulk Domains and Sub-domain Plugin, DA User Tool

  5. #5
    Hello,

    It doesn't appear as though you have telnet installed. (Don't see a telnetd file).

    Just a guess, but try using up2date and see if it will install it for you:

    up2date -r telnet

    not sure, but just a guess.

    ****

    Also, note about the configure line.. I *had* to add
    Code:
    --with-md5-passwords
    to get logins working again (pam wasn't playing nice). I didn't use pam in the end, but I guess it would try both methods to login if one failed. Good thing I had a telnet window open

    John

  6. #6
    Join Date
    Jun 2003
    Location
    UK
    Posts
    2,326
    --with-md5-passwords now added to the configure line

  7. #7
    Join Date
    Jun 2003
    Posts
    1,471
    No luck here

    Says -r isn't a valid option, and plain old up2date telnet says it's already updated.

  8. #8
    Says -r isn't a valid option
    Sorry about that I got my FreeBSD pkg_add and up2date -u mixed up. Should be "up2date -u telnet" .. but since you already have it... maybe try
    Code:
    up2date -u telnetd
    to see if the daemon comes separately. (note the "d" at the end)

    John

  9. #9
    Join Date
    Jun 2003
    Posts
    1,471
    Originally posted by DirectAdmin Support
    Sorry about that I got my FreeBSD pkg_add and up2date -u mixed up.
    I thought that might be the case.. hah.

    Anyway, I'm having no luck with up2date -u telnetd either.

    Tried to re-register and made sure the "telnet" box was checked. On RHN it is saying I have telnet-0.17-25:1.i386.rpm installed.

    Hmm..

  10. #10
    Join Date
    Jun 2003
    Posts
    1,471
    I got it

    Had to install telnet-server-0.17-25:1.i386.rpm



    *sigh*




    [edit]I too had to cut the --with-pam bit out to get this to configure right.[/edit]
    Last edited by l0rdphi1; 09-17-2003 at 09:03 PM.

  11. #11
    Join Date
    Dec 2003
    Posts
    26
    l0rdphi1,

    You need to run the following command:

    up2date -i pam-devel


    Whenever you get those kinds of messages when you are sure that the object is installed, you are most likely missing the devel package.


    Also, you could have run:

    up2date -i telnet-server

    to get the telnet server on your box.

  12. #12
    Join Date
    Nov 2003
    Posts
    48
    Would those who've had DA installed after October need to upgrade SSHD? Does DA install the latest by default? How can I check which version I have running?

  13. #13
    Join Date
    Sep 2003
    Location
    The Netherlands
    Posts
    556
    Originally posted by RTKS
    Would those who've had DA installed after October need to upgrade SSHD? Does DA install the latest by default? How can I check which version I have running?
    yes, you should
    no, it doesn't
    sshd -v or sshd -V, keep forgetting, otherwise just try sshd --help
    (When you are using RH 9.0 you can still use up2date, other versions will need a source compile )
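
One way to answer the "which version am I running?" question from the posts above, as an added example that is not part of the thread: a POSIX shell check that pulls the OpenSSH version out of `ssh -V` output or the daemon's connection banner and compares it with a minimum release. `MIN_VERSION` is an assumption taken from the tarball installed in the first post, the function names are hypothetical, and the sample strings are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. MIN_VERSION is an assumption: the
# release of the tarball installed in the first post.
MIN_VERSION="3.7p1"

# Pull "3.6.1p2" out of any text containing "OpenSSH_3.6.1p2", such as
# `ssh -V 2>&1` output or the "SSH-2.0-OpenSSH_..." banner on port 22.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9.]*[0-9]\)\(p[0-9][0-9]*\)\{0,1\}.*/\1\2/p' |
        head -n 1
}

# "3.6.1p2" -> "03060102" (major, minor, patch, portable level).
# A missing patch number or portable level counts as 0.
version_key() {
    base=${1%%p*}
    plevel=0
    case $1 in *p*) plevel=${1##*p} ;; esac
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    printf '%02d%02d%02d%02d\n' "$1" "${2:-0}" "${3:-0}" "$plevel"
}

# Exit status: 0 = older than MIN_VERSION, 1 = same or newer,
# 2 = no OpenSSH version found in the text.
is_older_than_min() {
    found=$(extract_version "$1")
    [ -n "$found" ] || return 2
    [ "$(version_key "$found")" -lt "$(version_key "$MIN_VERSION")" ]
}

# Constructed sample strings; on a real host pass "$(ssh -V 2>&1)" instead.
for sample in \
    "OpenSSH_3.6.1p2, SSH protocols 1.5/2.0" \
    "SSH-2.0-OpenSSH_3.7p1" \
    "login banner with no version in it"
do
    rc=0
    is_older_than_min "$sample" || rc=$?
    case $rc in
        0) echo "UPGRADE: $sample" ;;
        1) echo "ok:      $sample" ;;
        *) echo "unknown: $sample" ;;
    esac
done
```

The check reads the version of whatever binary or banner it is given, so after a source install run it against the banner of the restarted daemon rather than only the client binary.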

  14. #14
    Join Date
    Jun 2003
    Posts
    1,471
    OpenSSH 3.8 was released today by the way

  15. #15
    Join Date
    Jul 2004
    Posts
    19
    What is the new SSH, and is it the same step to upgrade?

  16. #16
    Join Date
    Sep 2003
    Location
    The Netherlands
    Posts
    556
    Originally posted by hail
    What is the new SSH, and is it the same step to upgrade?
    You should know how/where to find these packages yourself

    Take a peek at http://www.openssh.org/.
    Ya can't miss it.
