@how@
Verified User
Last edited:
HOW TO:upgrade OpenSSH
- Thread starter @how@
- Start date
MartijnHOS
Verified User
I have updated my openssh on CentOS 3.5
When someone tries a dictonary shh attack i see the next line in my secure log
Apr 2 00:25:41 server01 sshd[32553]: error: Could not get shadow information for NOUSER
Apr 2 00:25:41 server01 sshd[32553]: Failed password for invalid user addies from **** port 28777 ssh2
The error message is new.
Must i add NOUSER to sshd_config allowuser?
And i n my logwatch i find the next error:
Argument "UNKNOWN" isn't numeric in pack at /etc/log.d/scripts/services/sshd line 30, <STDIN> line 805.
Use of uninitialized value in pack at /etc/log.d/scripts/services/sshd line 30, <STDIN> line 805.
Use of uninitialized value in pack at /etc/log.d/scripts/services/sshd line 30, <STDIN> line 805.
Use of uninitialized value in pack at /etc/log.d/scripts/services/sshd line 30, <STDIN> line 805.
Normally on this lines (in my logwatch) there was information like this
admin/password from ****: 4 Time(s)
This has to do with the NOUSER error
Kind regards,
Martijn
When someone tries a dictonary shh attack i see the next line in my secure log
Apr 2 00:25:41 server01 sshd[32553]: error: Could not get shadow information for NOUSER
Apr 2 00:25:41 server01 sshd[32553]: Failed password for invalid user addies from **** port 28777 ssh2
The error message is new.
Must i add NOUSER to sshd_config allowuser?
And i n my logwatch i find the next error:
Argument "UNKNOWN" isn't numeric in pack at /etc/log.d/scripts/services/sshd line 30, <STDIN> line 805.
Use of uninitialized value in pack at /etc/log.d/scripts/services/sshd line 30, <STDIN> line 805.
Use of uninitialized value in pack at /etc/log.d/scripts/services/sshd line 30, <STDIN> line 805.
Use of uninitialized value in pack at /etc/log.d/scripts/services/sshd line 30, <STDIN> line 805.
Normally on this lines (in my logwatch) there was information like this
admin/password from ****: 4 Time(s)
This has to do with the NOUSER error
Kind regards,
Martijn
Last edited:
nobaloney
NoBaloney Internet Svcs - In Memoriam †
Why? Do you want the attack to succeed?MartijnHOS said:
It appears that these log items are because the attack is failing.
Jeff
MartijnHOS
Verified User
Jeff,
The error wasn't in my logs before i updated. Normally the line was:
Mar 30 08:38:40 server01 sshd[28498]: Illegal user sales from *
Mar 30 08:38:42 server01 sshd[28498]: Failed password for illegal user sales from * port 54886 ssh2
The line illegal user sales from is now an error.
Kind regards
martijn
The error wasn't in my logs before i updated. Normally the line was:
Mar 30 08:38:40 server01 sshd[28498]: Illegal user sales from *
Mar 30 08:38:42 server01 sshd[28498]: Failed password for illegal user sales from * port 54886 ssh2
The line illegal user sales from is now an error.
Kind regards
martijn
nobaloney
NoBaloney Internet Svcs - In Memoriam †
I presume you're still able to log in as ssh. I'm only guessing ... that the error is because of the way the sshd daemon is seeing the attack.
You might try googling the error.
Jeff
You might try googling the error.
Jeff
MartijnHOS
Verified User
Yes i still can login to ssh.
Google didn't gave me a solution. I will just ignore it.
Google didn't gave me a solution. I will just ignore it.
Pascal
Verified User
klassik said:
On 3 and 4 it works so...
Anyway, since I upgraded I have some errors in the log file
Code:
Apr 20 21:35:07 sf01 sshd[19522]: rexec line 74: Unsupported option GSSAPIAuthentication
Apr 20 21:35:07 sf01 sshd[19522]: rexec line 76: Unsupported option GSSAPICleanupCredentials
Apr 20 21:35:07 sf01 sshd[19522]: rexec line 87: Unsupported option UsePAM@how@
Verified User
Pascal said:On 3 and 4 it works so...
Anyway, since I upgraded I have some errors in the log file
Code:Apr 20 21:35:07 sf01 sshd[19522]: rexec line 74: Unsupported option GSSAPIAuthentication Apr 20 21:35:07 sf01 sshd[19522]: rexec line 76: Unsupported option GSSAPICleanupCredentials Apr 20 21:35:07 sf01 sshd[19522]: rexec line 87: Unsupported option UsePAM
Code:
nano -w /etc/ssh/sshd_configGSSAPIAuthentication
add # before
find
GSSAPICleanupCredentials
add # before
find
UsePAM
add # before
SAVE
restart /sbin/service sshd restart