Here's my setup:

2 Desktops (A and B) and one server (C)

Desktop A is setup up only as a ssh client, not server, and can access both B and C. B and C cannot access Desktop A, but are set to only accept SSH connections from A's internal IP (on port 22).

This setup worked fine last night. However, now, server (C) cannot be accessed. A can ssh to B, but not to C. C no longer contains the $home/.ssh directory or the known_hosts file in it.

When telling ssh on C to restart (via direct input) it spits out the following errors:

I also tried the instructions here in another thread about ssh gone wild and used the command: tail -f /var/log/secure.

Whereas in the other thread the user received output, I don't actually have that file.

Strange things that have happened in 10 hours:

Although everything is messed up, Apache is still running and my websites are still up. However, my email PHP scripts will no longer send email. This has change literally overnight and I have not done anything to change the files.

I am using the Firestarter Firewall and leave the GUI running so I can monitor any
"events" that occur. There were 4 ssh attempts last night, and I'm not sure if Firestarter would report anything if one of its rules was broken. It is set to be restrictive by nature and whitelist ports as opposed to being open and blacklist.

Any help is appreciated, only request is that I get some help soon.

Thank you!

I'd start with post 3 here http://www.linuxquestions.org/questi...server-664871/

Thanks for the link! I already have one question...

Should I assume that any of the files found by the following commands are bad?

find / -user root -perm -4000 -print
find / -group kmem -perm -2000 -print


Surely some are built in to Linux. Maybe I simply don't understand what a setuid file is. If they are all a hindrance to my computer, I have a long list of nasties.

Just ran rkhunter over my whole system. Apparently root login via ssh was permitted. Which is not something I had set. Besides that, it hasn't found anything.

No more ideas?

You made a typo in some config file, because it's looking in the wrong directory (/etc/ss/ instead of /etc/ssh/).

Also, on OpenBSD the ssh stuff is in /var/log/authlog, not /var/log/secure .

Well, first of all, I'm not using OpenBSD...

I checked my /etc/ssh/sshd_config file and the pathnames are correct. The files do exist in /etc/ssh and they do have keys in them, so I still have no idea what the problem is.

Read post 1 again - you are pointing to

/etc/ss/sshd_*

not

/etc/ssh/sshd_*

If this isn't OpenBSD, what the heck is it? What OS are you running, and what modifications have you applied?

Your service stop/start script is looking in the wrong directory! It's not going to do you any good to check the files in /etc/ssh/, because the service isn't looking for files there. Whatever command you're using to reload ssh is calling a script or reading a config file that has a typo. Please read what we are telling you.

should show you where you've gone wrong.