Re: root login stops working
On Sat, May 10, 2008 at 11:00:41PM +0200, Mel wrote: On Saturday 10 May 2008 20:50:46 Dennis Flynn wrote: I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 About a day after install root login no longer works - even on the console. I see the following in /var/log/auth.log: May 10 14:22:37 wx sshd[86223]: Accepted password for root from 10.11.12.104 port 1492 ssh2 May 10 14:22:37 wx sshd[86223]: Received disconnect from 10.11.12.104: 0: And in /var/log/messages: May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11 (core dumped) Looks like you got hacked, the tell-tale being ip port . http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc . . . unless that's part of Dennins' network setup. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] McCloctnick the Lucid: The first rule of magic is simple. Don't waste your time waving your hands and hopping when a rock or a club will do. pgpDnaanFCYYq.pgp Description: PGP signature
Re: root login stops working
On Sun, May 11, 2008 at 01:38:52AM +0530, अनुज Anuj Singh wrote: Direct root login is disabled by default. are you able to login from your 10.11.12.104 as a non root user? What client software are you using on your 10.11.12.104 for logging on to your freebsd? Correction: Direct root login via SSH is disabled by default. If you need root access, you should use a staff account in the wheel group to remotely log into the machine, then su to root. You should, however, be able to log in as root from a TTY console for local access. The fact that remote direct root login is disabled is a security feature, meant to prevent things like brute-force attacks on root over the network. It's a bad idea to change that behavior, in general. Back when I was using Debian for all my servers, I would configure sshd to disable direct root login -- and was pleased to find that on FreeBSD it's disabled by default, once I started using FreeBSD for all my servers. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] John Kenneth Galbraith: If all else fails, immortality can always be assured through spectacular error. pgpOaBkQNdnaB.pgp Description: PGP signature
Re: root login stops working
On Sat, May 10, 2008 at 11:50:46AM -0700, Dennis Flynn wrote: I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 About a day after install root login no longer works - even on the console. I see the following in /var/log/auth.log: May 10 14:22:37 wx sshd[86223]: Accepted password for root from 10.11.12.104 port 1492 ssh2 May 10 14:22:37 wx sshd[86223]: Received disconnect from 10.11.12.104: 0: I'd say this was expected behavior, since FreeBSD disbles direct root login over SSH by default (for good reason), but . . . And in /var/log/messages: May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11 (core dumped) . . . this looks suspicious. I'm pretty sure you don't get any core dumps when sshd refuses to let you log in as root. New to FreeBSD after using Linux for a long time. I'd really like to get this to workfor my web server/weather station which is currently running on Debian Linux. For security purposes, you should probably actually configure your Debian system to behave more like your FreeBSD system, with regard to SSH. Set the PermitRootLogin value in /etc/ssh/sshd_config to no to prevent remote logins over SSH as root. This behavior is intended as a security measure. To access root remotely, log in over SSH as an account that has su access, then su to root, rather than just logging in as root directly. To grant an account on FreeBSD su access to root, add it to the wheel group. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] print substr(Just another Perl hacker, 0, -2); pgpbjhD21KGII.pgp Description: PGP signature
Re: root login stops working
need root access, you should use a staff account in the wheel group to remotely log into the machine, then su to root. or set PermitRootLogin yes in sshd_conf much easier. The fact that remote direct root login is disabled is a security feature, meant to prevent things like brute-force attacks on root over the network. It's a bad idea to change that behavior, in general. Back when just another stupid myth. simply use good passwords. having to log through 2 accounts doesn't increase security. actually increases mess. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: root login stops working
Wojciech Puchar wrote: need root access, you should use a staff account in the wheel group to remotely log into the machine, then su to root. or set PermitRootLogin yes in sshd_conf much easier. The fact that remote direct root login is disabled is a security feature, meant to prevent things like brute-force attacks on root over the network. It's a bad idea to change that behavior, in general. Back when just another stupid myth. As is, of course, all security in depth. Hey, if you want everything riding on one password, more power to you, but you might want to refrain from using phrases like stupid myth unless you've got some hard data to back them up. simply use good passwords. Or a nice little key encrypted with a good pass phrase. Use ssh-agent right and you can make things even easier for yourself. having to log through 2 accounts doesn't increase security. actually increases mess. The only mess I can think of is all that logging that forces a bit of accountability onto all the admins who know the root password. Of course, if you're the only admin, I suppose it doesn't really matter. ;-) --Jon Radel smime.p7s Description: S/MIME Cryptographic Signature
Re: root login stops working
meant to prevent things like brute-force attacks on root over the network. It's a bad idea to change that behavior, in general. Back when just another stupid myth. As is, of course, all security in depth. Hey, if you want everything riding on one password, more power to you, but you might want to refrain from using phrases like stupid myth unless you've got some hard data to back them up. did below. simply use good passwords. Or a nice little key encrypted with a good pass phrase. i use ssh with id_dsa/authorized keys regularly, and rlogin.rhosts within the range of private/vpn/other way secure network having to log through 2 accounts doesn't increase security. actually increases mess. The only mess I can think of is all that logging that forces a bit of accountability onto all the admins who know the root password. Of course, if you're the only admin, I suppose it doesn't really matter. 2 admins for one server is never good idea :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [Bulk] Re: root login stops working
Thus spoke Chad Perrin on Sunday, 11 May 2008 at 13:58:46 -0600: On Sat, May 10, 2008 at 11:50:46AM -0700, Dennis Flynn wrote: I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 About a day after install root login no longer works - even on the console. [ ] For security purposes, you should probably actually configure your Debian system to behave more like your FreeBSD system, with regard to SSH. Set the PermitRootLogin value in /etc/ssh/sshd_config to no to prevent remote logins over SSH as root. This behavior is intended as a security measure. To access root remotely, log in over SSH as an account that has su access, then su to root, rather than just logging in as root directly. I think sshd_config in Debian has PermitRootLogin to no by default (i.e., as part of default installation). It's been a while since I've munged with the default configs (correct me if I am wrong). -- Cheers, Bikal KC (Please use: nepbababucxspamfree_at_yahoo DOT ca) Journal: http://nepbabu.livejournal.com || pubkey: see header Rule 6: There is no Rule 6. - Rob Pike Those who can make you believe absurdities, can make you commit atrocities. - François-Marie Arouet pgpXDyc67sDlr.pgp Description: PGP signature
root login stops working
I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 About a day after install root login no longer works - even on the console. I see the following in /var/log/auth.log: May 10 14:22:37 wx sshd[86223]: Accepted password for root from 10.11.12.104 port 1492 ssh2 May 10 14:22:37 wx sshd[86223]: Received disconnect from 10.11.12.104: 0: And in /var/log/messages: May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11 (core dumped) New to FreeBSD after using Linux for a long time. I'd really like to get this to workfor my web server/weather station which is currently running on Debian Linux. Thanks Dennis Flynn Home Work - Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: root login stops working
Direct root login is disabled by default. are you able to login from your 10.11.12.104 as a non root user? What client software are you using on your 10.11.12.104 for logging on to your freebsd? On Sun, May 11, 2008 at 12:20 AM, Dennis Flynn [EMAIL PROTECTED] wrote: I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 About a day after install root login no longer works - even on the console. I see the following in /var/log/auth.log: May 10 14:22:37 wx sshd[86223]: Accepted password for root from 10.11.12.104 port 1492 ssh2 May 10 14:22:37 wx sshd[86223]: Received disconnect from 10.11.12.104: 0: And in /var/log/messages: May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11 (core dumped) New to FreeBSD after using Linux for a long time. I'd really like to get this to workfor my web server/weather station which is currently running on Debian Linux. Thanks Dennis Flynn Home Work - Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: root login stops working
On Saturday 10 May 2008 20:50:46 Dennis Flynn wrote: I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 About a day after install root login no longer works - even on the console. I see the following in /var/log/auth.log: May 10 14:22:37 wx sshd[86223]: Accepted password for root from 10.11.12.104 port 1492 ssh2 May 10 14:22:37 wx sshd[86223]: Received disconnect from 10.11.12.104: 0: And in /var/log/messages: May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11 (core dumped) Looks like you got hacked, the tell-tale being ip port . http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc -- Mel Problem with today's modular software: they start with the modules and never get to the software part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: root login stops working
Dennis == Dennis Flynn [EMAIL PROTECTED] writes: Dennis I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Dennis About a day after install root login no longer works - even on the console. Dennis I see the following in /var/log/auth.log: Dennis May 10 14:22:37 wx sshd[86223]: Accepted password for root from 10.11.12.104 port 1492 ssh2 Dennis May 10 14:22:37 wx sshd[86223]: Received disconnect from 10.11.12.104: 0: Dennis And in /var/log/messages: Dennis May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11 (core dumped) Looks like your shell segfaulted during login., resulting in your ssh session being aborted. How about booting in single user mode ? And does your installation underwent any filesystem recovery ? You can try reinstalling csh from freebsd installation disc, and then try. HTH -- Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/ ·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- -- pgp8PMVqKztWi.pgp Description: PGP signature