Desktop A is set up only as an ssh client, not a server, and can access both B and C. B and C cannot access Desktop A, but are set to only accept SSH connections from A's internal IP (on port 22).
This setup worked fine last night. However, now, server (C) cannot be accessed. A can ssh to B, but not to C. C no longer contains the $home/.ssh directory or the known_hosts file in it.
When telling ssh on C to restart (via direct input) it spits out the following errors:
Code:
* Restarting OpenBSD Secure Shell server...
Could not load host key: /etc/ss/ssh_host_rsa_key
Could not load host key: /etc/ss/ssh_host_dsa_key
Could not load host key: /etc/ss/ssh_host_rsa_key
Could not load host key: /etc/ss/ssh_host_rsa_key
[ OK ]
I also tried the instructions here in another thread about ssh gone wild and used the command: tail -f /var/log/secure.
Whereas in the other thread the user received output, I don't actually have that file.
Strange things that have happened in 10 hours:
Although everything is messed up, Apache is still running and my websites are still up. However, my email PHP scripts will no longer send email. This has changed literally overnight and I have not done anything to change the files.
I am using the Firestarter Firewall and leave the GUI running so I can monitor any "events" that occur. There were 4 ssh attempts last night, and I'm not sure if Firestarter would report anything if one of its rules was broken. It is set to be restrictive by nature and whitelist ports as opposed to being open and blacklist.
Any help is appreciated, only request is that I get some help soon.
Surely some are built in to Linux. Maybe I simply don't understand what a setuid file is. If they are all a hindrance to my computer, I have a long list of nasties.
Just ran rkhunter over my whole system. Apparently root login via ssh was permitted. Which is not something I had set. Besides that, it hasn't found anything.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Quote:
Originally Posted by phantom_cyph
When telling ssh on C to restart (via direct input) it spits out the following errors:
Code:
* Restarting OpenBSD Secure Shell server...
Could not load host key: /etc/ss/ssh_host_rsa_key
Could not load host key: /etc/ss/ssh_host_dsa_key
Could not load host key: /etc/ss/ssh_host_rsa_key
Could not load host key: /etc/ss/ssh_host_rsa_key
[ OK ]
I also tried the instructions here in another thread about ssh gone wild and used the command: tail -f /var/log/secure.
You made a typo in some config file, because it's looking in the wrong directory (/etc/ss/ instead of /etc/ssh/).
Also, on OpenBSD the ssh stuff is in /var/log/authlog, not /var/log/secure.
I checked my /etc/ssh/sshd_config file and the pathnames are correct. The files do exist in /etc/ssh and they do have keys in them, so I still have no idea what the problem is.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Quote:
Originally Posted by phantom_cyph
Code:
* Restarting OpenBSD Secure Shell server...
If this isn't OpenBSD, what the heck is it? What OS are you running, and what modifications have you applied?
Quote:
Code:
Could not load host key: /etc/ss/ssh_host_rsa_key
Could not load host key: /etc/ss/ssh_host_dsa_key
Could not load host key: /etc/ss/ssh_host_rsa_key
Could not load host key: /etc/ss/ssh_host_rsa_key
Your service stop/start script is looking in the wrong directory! It's not going to do you any good to check the files in /etc/ssh/, because the service isn't looking for files there. Whatever command you're using to reload ssh is calling a script or reading a config file that has a typo. Please read what we are telling you.
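Added example, not part of any post in this thread: a shell check that lists the HostKey paths a given sshd_config-style file names and flags the ones that cannot be loaded, which is the mismatch the error output above points to. The function names (`hostkey_paths`, `check_hostkeys`, `demo`) and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample data is constructed.

# Print each HostKey path named in an sshd_config-style file ($1).
# Keywords are case-insensitive and "HostKey=/path" is accepted.
hostkey_paths() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)
            n = split(line, f, /[ \t]+/)
            gsub(/"/, "", f[2])
            if (n >= 2 && tolower(f[1]) == "hostkey") print f[2]
        }' "$1"
}

# Report every HostKey path; return 1 if any is missing or unreadable.
check_hostkeys() {
    bad=0
    paths=$(hostkey_paths "$1")
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        if [ ! -f "$key" ]; then echo "MISSING  $key"; bad=1
        elif [ ! -r "$key" ]; then echo "UNREADABLE  $key"; bad=1
        else echo "OK  $key"
        fi
    done <<EOF
$paths
EOF
    return $bad
}

# Constructed sample: one good path and one with the /ss/ typo.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/ssh" && : > "$d/ssh/ssh_host_rsa_key"
    cat > "$d/sshd_config" <<EOF
# constructed sample
Port 22
HostKey $d/ssh/ssh_host_rsa_key
hostkey = $d/ss/ssh_host_dsa_key
EOF
    check_hostkeys "$d/sshd_config"; rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "demo: at least one HostKey path cannot be loaded"
```

On a live host, point `check_hostkeys` at the config file the daemon is actually started with; `sshd -t` runs the daemon's own validity check of the configuration and keys.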