Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Mandrake 10, IPCOP 1.4, SME Server 6, EvilEntity
Posts: 106
Rep:
Unusual ssh cron message
I received the following email message from my mail server. The mail server is a SMEServer 6 system sitting in a DMZ behind an IPCOP router/firewall. It provides a webmail service, which can be accessed over ssl remotely, but pop access is only local.
I've never received messages from cron before, and have a very bad feeling about this....can anyone explain what is the likely cause, and how to investigate further?
Start message:
/etc/cron.daily/conf-mod_ssl:
2891 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.......++++++
.............................................++++++
e is 65537 (0x10001)
Using configuration from /usr/share/ssl/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:State or Province Name (full name) [Berkshire]:Locality Name (eg, city) [Newbury]:Organization Name (eg, company) [My Company Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server's hostname) []:Email Address []:
Distribution: Mandrake 10, IPCOP 1.4, SME Server 6, EvilEntity
Posts: 106
Original Poster
Rep:
What would trigger this? I have only logged on either to the console, or to web-based email. I have never received an email from the system before, and am interested in why - what does trigger cron to regenerate the ssh key? Is it usual or normal to do this on a regular basis?
Distribution: Mandrake 10, IPCOP 1.4, SME Server 6, EvilEntity
Posts: 106
Original Poster
Rep:
I got home and checked the box. The certificate is a year old, and has expired. SMEServer tried to generate a new one, and apparently failed (no idea why, I'll work on that!).
Anyway, not a train smash, but many thanks to TruckSmash for replying.
I had a few bad moments at work, looking at the message, thinking "this really does not look like a good day..."
Originally posted by jburford What would trigger this?
It ran b/c its in /etc/cron.daily. See man cron.
Quote:
Originally posted by jburford what does trigger cron to regenerate the ssh key?
Note: it was regenerating an SSH key, not an SSL key. There's a difference.
Quote:
Originally posted by jburford Is it usual or normal to do this on a regular basis?
Its neither "usual" or "unusual." It all depends on your system config.
Quote:
Originally posted by jburford SMEServer tried to generate a new one, and apparently failed (no idea why, I'll work on that!).
It failed b/c generating an SSL cert is an interactive process, i.e. it requires user input. There was no user input b/c it ran from cron at 4AM, so it failed.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.