Grant writes:
> I just upgraded ssh and when I try to restart I get:
>
> * Stopping sshd ... [ !! ]
>
> I don't see anything about it in '/var/log/sshd/current'. How can I
> figure out what is wrong? I'm a little nervous because I don't want
> to shut myself out of this remote server.
Uh-oh! I know how you feel, I also administrate remote servers. Is there
a /var/sun/sshd.pid containing the PID of the running sshd process (you can
get it via "pidof sshd")? Maybe it's missing, this would explain the
failure to stop.
If you think the upgrade is necessary and don't want to wait until you or
s.o. else has physical access in case sshd doesn't come up again, you could
try to restart sshd manually by issuing a "kill -SIGHUP $( pidof sshd )".
> I also noticed many "POSSIBLE BREAK-IN ATTEMPT!" log entries for
> usernames that don't exist. Anything I should do about that?
I emerged failtoban recently. This allows to monitor ssh attacks (also for
other services like ftp and courier), and denies the attacker's IP for a
while after some login failures. This keeps sshd logs short and enhances
security, in case there are users with simple passwords. Some days ago I
received 34 emails from fail2ban telling me about nightly couriersmtp
breakin attempts.
It does nt work out-of-the-box, but isn't too hard to configure. There are
some howtos, but be sure to read current ones, the configuration was
changed somewhere between version 0.6 and 0.8. I can mail you my configs if
you are interested.
Alex
--
[EMAIL PROTECTED] mailing list
