maybe openssh's bug

2007-11-26 Thread PowerBSD
pls read ssh.log attachment
# ifconfig sis0 
sis0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 150
lladdr 00:16:ec:b0:25:d
groups: egres
media: Ethernet autoselect (100baseTX half-duplex
status: activ
inet 192.168.1.248 netmask 0xff00 broadcast 192.168.1.25
inet6 fe80::216:ecff:feb0:25d7%sis0 prefixlen 64 scopeid 0x

I use ssh connect to remote sshd server 192.168.1.191 , then i us

# ssh 192.168.1.1911
The authenticity of host '192.168.1.1911 (202.102.2.116)' can't be established
RSA key fingerprint is 88:43:7d:20:64:c8:40:bc:57:96:ac:12:cd:38:e3:c7
Are you sure you want to continue connecting (yes/no)? ^
# ssh 192.168.1.1912
ssh: 192.168.1.1912: non-recoverable failure in name resolutio
# ssh 192.168.1.1913
ssh: 192.168.1.1913: non-recoverable failure in name resolutio
# ssh 192.168.1.1914
The authenticity of host '192.168.1.1914 (202.102.2.116)' can't be established
RSA key fingerprint is 88:43:7d:20:64:c8:40:bc:57:96:ac:12:cd:38:e3:c7
Are you sure you want to continue connecting (yes/no)? ^
# ssh 192.168.1.1915
The authenticity of host '192.168.1.1915 (202.102.2.116)' can't be established
RSA key fingerprint is 88:43:7d:20:64:c8:40:bc:57:96:ac:12:cd:38:e3:c7
Are you sure you want to continue connecting (yes/no)? ^
# ssh 192.168.1.1916
ssh: 192.168.1.1916: non-recoverable failure in name resolutio
# ssh 192.168.1.1917
ssh: 192.168.1.1917: non-recoverable failure in name resolutio
# ssh 192.168.1.1918
The authenticity of host '192.168.1.1918 (202.102.2.116)' can't be established
RSA key fingerprint is 88:43:7d:20:64:c8:40:bc:57:96:ac:12:cd:38:e3:c7
Are you sure you want to continue connecting (yes/no)? ^

at this line , when i input correct password , but authenticate is incorrec

# ssh 192.168.1.1919
[EMAIL PROTECTED]'s password:
Permission denied, please try again
[EMAIL PROTECTED]'s password:

# uname -
OpenBSD EServer-01.evermoresw.com.cn 4.2 GENERIC#0 i38
# sysctl hw 

hw.machine=i38
hw.model=Intel(R) Pentium(R) 4 CPU 2.93GHz (GenuineIntel 686-class
hw.ncpu=
hw.byteorder=123
hw.physmem=46926643
hw.usermem=46926233
hw.pagesize=409
hw.disknames=cd0,wd
hw.diskcount=
hw.sensors.it0.temp0=48.00 deg
hw.sensors.it0.temp1=39.00 deg
hw.sensors.it0.temp2=22.00 deg
hw.sensors.it0.fan0=1231 RP
hw.sensors.it0.volt0=1.25 VDC (VCORE_A
hw.sensors.it0.volt1=2.62 VDC (VCORE_B
hw.sensors.it0.volt2=3.31 VDC (+3.3V
hw.sensors.it0.volt3=5.00 VDC (+5V
hw.sensors.it0.volt4=11.71 VDC (+12V
hw.sensors.it0.volt5=2.01 VDC (Unused
hw.sensors.it0.volt6=-0.77 VDC (-12V
hw.sensors.it0.volt7=4.97 VDC (+5VSB
hw.sensors.it0.volt8=4.08 VDC (VBAT
hw.cpuspeed=293
hw.setperf=10
hw.vendor=Ace
hw.product=Aspire SA80/AP S28
hw.version=R01-C
hw.uuid=Not Se
# ssh -
OpenSSH_4.7, OpenSSL 0.9.7j 04 May 200



Re: maybe openssh's bug

2007-11-26 Thread xSAPPYx
Not sure if it was gmail that blew chunks on your message or somewhere
else along the way, but it seems some of your message lines were
trunked.
Either way, your attachment won't make it through...

The only mailing list that allows attachments is the ports list, they
will be removed from messages on the other mailing lists.
http://openbsd.org/mail.html

On Nov 26, 2007 6:14 PM, PowerBSD [EMAIL PROTECTED] wrote:
 pls read ssh.log attachment



Re: maybe openssh's bug

2007-11-26 Thread RW
On Tue, 27 Nov 2007 10:14:43 +0800, PowerBSD wrote:

I use ssh connect to remote sshd server 192.168.1.191 , then i us

# ssh 192.168.1.1911

Stop right there!
What the hell does that 1911 mean? and all the 1912, 1913 etc stuff
too.
Those are not valid addresses, at least in the IPv4 universe.


Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device



Re: maybe openssh's bug

2007-11-26 Thread Greg Thomas
On Nov 26, 2007 6:24 PM, xSAPPYx [EMAIL PROTECTED] wrote:
 Not sure if it was gmail that blew chunks on your message or somewhere
 else along the way, but it seems some of your message lines were
 trunked.

Is that why there's a 1,2,3,4,5,6,7,8, and 9 added to the IP address?

 Either way, your attachment won't make it through...

 The only mailing list that allows attachments is the ports list, they
 will be removed from messages on the other mailing lists.
 http://openbsd.org/mail.html


 On Nov 26, 2007 6:14 PM, PowerBSD [EMAIL PROTECTED] wrote:
  pls read ssh.log attachment





-- 
Ticketmaster and Ticketweb suck, but everyone knows that:
http://ticketmastersucks.org
http://lodesertprotosites.org
Dethink to survive - Mclusky



Re: maybe openssh's bug

2007-11-26 Thread PowerBSD
On Tue, Nov 27, 2007 at 01:45:01PM +1100, RW wrote:
 On Tue, 27 Nov 2007 10:14:43 +0800, PowerBSD wrote:
 
 I use ssh connect to remote sshd server 192.168.1.191 , then i us
 
 # ssh 192.168.1.1911
 
 Stop right there!
 What the hell does that 1911 mean? and all the 1912, 1913 etc stuff
 too.
 Those are not valid addresses, at least in the IPv4 universe.
 
 
 Rod/
 /earth: write failed, file system is full
 cp: /earth/creatures: No space left on device

These addresses are only a test.

I found this problem through an input mistake.

All these illegal addresses should return an error, but the result is a
connection to another address.

-- 
A horse!  A horse!  My kingdom for a horse!
-- Wm. Shakespeare, Henry VI



Re: maybe openssh's bug

2007-11-26 Thread PowerBSD
On Mon, Nov 26, 2007 at 06:51:19PM -0800, Greg Thomas wrote:
 On Nov 26, 2007 6:24 PM, xSAPPYx [EMAIL PROTECTED] wrote:
  Not sure if it was gmail that blew chunks on your message or somewhere
  else along the way, but it seems some of your message lines were
  trunked.
 
 Is that why there's a 1,2,3,4,5,6,7,8, and 9 added to the IP address?
Only test ssh response and returns
 
  Either way, your attachment won't make it through...
 
  The only mailing list that allows attachments is the ports list, they
  will be removed from messages on the other mailing lists.
  http://openbsd.org/mail.html
 
 
  On Nov 26, 2007 6:14 PM, PowerBSD [EMAIL PROTECTED] wrote:
   pls read ssh.log attachment
 
 
 
 
 
 -- 
 Ticketmaster and Ticketweb suck, but everyone knows that:
 http://ticketmastersucks.org
 http://lodesertprotosites.org
 Dethink to survive - Mclusky

-- 
Alas, how love can trifle with itself!
-- William Shakespeare, The Two Gentlemen of Verona



Re: maybe openssh's bug

2007-11-26 Thread Greg Thomas
On Nov 26, 2007 7:21 PM, PowerBSD [EMAIL PROTECTED] wrote:
 On Mon, Nov 26, 2007 at 06:51:19PM -0800, Greg Thomas wrote:
  On Nov 26, 2007 6:24 PM, xSAPPYx [EMAIL PROTECTED] wrote:
   Not sure if it was gmail that blew chunks on your message or somewhere
   else along the way, but it seems some of your message lines were
   trunked.
 
  Is that why there's a 1,2,3,4,5,6,7,8, and 9 added to the IP address?
 Only test ssh response and returns


I don't think you're telling us the whole story then.  That's not the
behavior I see here.

Greg

-- 
Obsession and obscurity in the low desert:  http://lodesertprotosites.org

Dethink to survive - Mclusky



Re: maybe openssh's bug

2007-11-26 Thread Greg Thomas
On Nov 26, 2007 8:02 PM, Greg Thomas [EMAIL PROTECTED] wrote:
 On Nov 26, 2007 7:21 PM, PowerBSD [EMAIL PROTECTED] wrote:
  On Mon, Nov 26, 2007 at 06:51:19PM -0800, Greg Thomas wrote:
   On Nov 26, 2007 6:24 PM, xSAPPYx [EMAIL PROTECTED] wrote:
    Not sure if it was gmail that blew chunks on your message or somewhere
    else along the way, but it seems some of your message lines were
    trunked.
  
   Is that why there's a 1,2,3,4,5,6,7,8, and 9 added to the IP address?
  Only test ssh response and returns
 

 I don't think you're telling us the whole story then.  That's not the
 behavior I see here.


[EMAIL PROTECTED]:/home/ethant# ssh 192.168.1.1911
ssh: 192.168.1.1911: no address associated with name
[EMAIL PROTECTED]:/home/ethant# ssh 192.168.1.1912
ssh: 192.168.1.1912: no address associated with name
[EMAIL PROTECTED]:/home/ethant# ssh 192.168.1.1913
ssh: 192.168.1.1913: no address associated with name
[EMAIL PROTECTED]:/home/ethant# ssh 192.168.1.1914
ssh: 192.168.1.1914: no address associated with name
[EMAIL PROTECTED]:/home/ethant# ssh 192.168.1.1915
ssh: 192.168.1.1915: no address associated with name
[EMAIL PROTECTED]:/home/ethant# ssh 192.168.1.1916
ssh: 192.168.1.1916: no address associated with name
[EMAIL PROTECTED]:/home/ethant# ssh 192.168.1.1917
ssh: 192.168.1.1917: no address associated with name
[EMAIL PROTECTED]:/home/ethant# ssh 192.168.1.1918
ssh: 192.168.1.1918: no address associated with name
[EMAIL PROTECTED]:/home/ethant# ssh 192.168.1.1919
ssh: 192.168.1.1919: no address associated with name


-- 
Ticketmaster and Ticketweb suck, but everyone knows that:
http://ticketmastersucks.org
http://lodesertprotosites.org
Dethink to survive - Mclusky



Re: maybe openssh's bug

2007-11-26 Thread Philip Guenther
On Nov 26, 2007 8:06 PM, PowerBSD [EMAIL PROTECTED] wrote:
 On Tue, Nov 27, 2007 at 01:45:01PM +1100, RW wrote:
  On Tue, 27 Nov 2007 10:14:43 +0800, PowerBSD wrote:
 
  I use ssh connect to remote sshd server 192.168.1.191 , then i us
  
  # ssh 192.168.1.1911
 
  Stop right there!
  What the hell does that 1911 mean? and all the 1912, 1913 etc stuff
  too.
  Those are not valid addresses, at least in the IPv4 universe.
...
 All these illegal addresses should return an error, but the result is a
 connection to another address.

That just means your /etc/hosts file or DNS server has entries doing
that mapping.  If you (or your sysadmin?) didn't add them, then
someone is probably screwing with you.  So, check /etc/hosts for lines
like

202.102.2.116 192.168.1.1918

Important note!  If the IP 202.102.2.116 isn't under your control,
then you have given your password to someone you probably don't trust!

2.102.202.in-addr.arpa. 3600 IN SOA nmc1.ptt.js.cn. postmaster.nmc1.ptt.js.cn. 2006110800 86400 7200 2592000 3600

If you aren't in China, then I would *strongly* suggest scrubbing and
reinstalling your system.

...and then tracking down how you got hacked.


Philip Guenther
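
An added example, not part of Philip Guenther's message or of OpenSSH: a hosts-file check for the kind of entry described above, where a name that only looks like an IPv4 address (such as 192.168.1.1918) maps to a different address. The function names and the sample hosts content are constructed for illustration.

```python
import ipaddress
import re

# Names made only of digits and dots look like IPv4 addresses to a human,
# but the resolver treats them as hostnames unless they parse as a literal.
NUMERIC_NAME = re.compile(r"^[0-9]+(\.[0-9]+)+\.?$")


def is_ipv4_literal(text):
    """True only for a strict dotted quad with every octet in 0..255."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def suspicious_hosts_entries(hosts_text):
    """Return (line_no, address, name) for names that look numeric but are
    not valid IPv4 literals, or that differ from the address they map to."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            if not NUMERIC_NAME.match(name):
                continue  # ordinary hostname, not of interest here
            if not is_ipv4_literal(name) or name != address:
                findings.append((line_no, address, name))
    return findings


# Constructed sample; line 2 is the mapping quoted in the reply above.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
202.102.2.116   192.168.1.1918
192.168.1.191   sshd-box   # ordinary entry
192.168.1.248   192.168.1.248
"""

if __name__ == "__main__":
    for line_no, address, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: numeric-looking name {name!r} -> {address}")
```

A clean hosts file does not rule out the DNS case mentioned in the reply; this only covers the local file.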