Re: Possibly Hacked

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following is a more verbose output from ssh...

bash-2.05# ssh -v -l simran amarjot
SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to amarjot [192.168.0.6] port 22.
debug1: Allocated local port 1016.
debug1: Connection established.
debug1: identity file //.ssh/identity type 3
debug1: identity file //.ssh/id_rsa type 3
debug1: identity file //.ssh/id_dsa type 3
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit:
debug1: sent kexinit:
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 491/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'amarjot' is known and matches the RSA host key.
debug1: Found key in //.ssh/known_hosts:3
debug1: bits set: 493/1024
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: key does not exist: //.ssh/identity
debug1: key does not exist: //.ssh/id_rsa
debug1: key does not exist: //.ssh/id_dsa
debug1: next auth method to try is password
simran@amarjot's password:
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
Permission denied, please try again.
simran@amarjot's password:
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
Permission denied, please try again.
simran@amarjot's password:
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: no more auth methods to try
Unable to find an authentication method
debug1: Calling cleanup 0x39a60(0x0)
bash-2.05#


-Simran

Simran Hansrai wrote:

Okay, now this might make a little more sense.. the error message:

simran@hostnames password:
Permission denied, please try again.
simran@hostnames password:
Unable to find an authentication method

I tried to deploy an ldap server on this host before leaving and reverted my changes since I was unable to get ldap up and running at the time. I did check my nsswitch.conf file and it shows for passwd, group and shadow files first and then ldap. So this should not be the cause but I might be missing something else. Hopefully I am on the right track.. Could this be the issue?

-Simran


Simran Hansrai wrote:


Simran Hansrai wrote:

Jason Dixon wrote:

On Fri, 2004-01-02 at 16:30, Simran Hansrai wrote:


Hi Guys,

I just came back from my vacation and can't seem to login to one of my redhat servers. I am getting the following error message when I try to login:

bash-2.05# ssh -l simran hostname
simran@hostname's password:
Read from remote host hostname: Connection reset by peer
Connection to hostname closed.
bash-2.05#




Actually, it sounds to me like one or more of your partitions are full.



I was able to ftp to this box without any issues, so that just might be true. Not sure why the root partition would fill up since there was a lot of space when I left and this box only runs a web server and a dns server whose files don't grow that much. Could possibly be the logs but not sure. What would be the best way to free up some space. Do I still need to boot into single user mode using the cdrom or is there another way I can fix this? Any ideas?

Thanks for all your replies,
--
Simran H.
redhat@xxxxxxxxxxxx
www.chamkila.org

I booted into single user mode and ran a df -h command and the root partition is at only 60% so this does not seem to be a disk space issue. I also removed the encrypted password for root and my userid from the /etc/shadow file and rebooted. Now when I enter root or my username as the login it does not even ask me for a password and brings me back to the login prompt. Any other ideas as to what might be causing this issue?

Thanks,



-- Simran H. redhat@xxxxxxxxxxxx www.chamkila.org




-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux