Problem logging in.

2006-06-08 Thread Jonas Lindskog
Hello,

A week ago my open bsd firewall started to show a very strange behaviour.
I have the ssh-daemon running and ususally log-in remotely to be able to
administrate the pf.conf file. But now I cant log in. Ok, maybe I've just
forgott my password. I booted in single user mode and changed it, then
booted normally but couldn't log in anyway. I booted in single user mode
again changed it to another password, changed to another user (using su)
and then changed user to root again (again using su). Was prompted for the
password, entered it and login was again rejected. When i tried to change
the password it complained that something was wrong with a file called
/etc/master.passwd. When looking at the file it contained parts of my
pf.conf file.

Have I've been hacked or is it just a major error done from my side.

I understand that the information probably isn't enough but if someone
could guide me further I would be very happy.

regards
Jonas Lindskog



Re: Problem logging in.

2006-06-08 Thread Bachman Kharazmi

A week ago my open bsd firewall started to show a very strange behaviour.
I have the ssh-daemon running and ususally log-in remotely to be able to
administrate the pf.conf file. But now I cant log in. Ok, maybe I've just
forgott my password. I booted in single user mode and changed it, then
booted normally but couldn't log in anyway. I booted in single user mode
again changed it to another password, changed to another user (using su)
and then changed user to root again (again using su). Was prompted for the
password, entered it and login was again rejected. When i tried to change
the password it complained that something was wrong with a file called
/etc/master.passwd. When looking at the file it contained parts of my
pf.conf file.

If your master.passwd contains parts of your pf.conf things sound really weird.

Remember, if you ever touch master.passwd ALWAYS use vipw to keep dbs synced.

I would try to create a new user foo, check if it works to login as
foo from the localhost using kb. then try with ssh as the new user and
see how that works.

I'm unsure about exactlly what your problem is, your description of
changing passwds really confuse me.

Do not forget to set a existing shell for the user foo.

GL
/bkw



Re: Problem logging in.

2006-06-08 Thread Joachim Schipper
On Thu, Jun 08, 2006 at 02:22:19PM +0200, Jonas Lindskog wrote:
 Hello,
 
 A week ago my open bsd firewall started to show a very strange behaviour.
 I have the ssh-daemon running and ususally log-in remotely to be able to
 administrate the pf.conf file. But now I cant log in. Ok, maybe I've just
 forgott my password. I booted in single user mode and changed it, then
 booted normally but couldn't log in anyway. I booted in single user mode
 again changed it to another password, changed to another user (using su)
 and then changed user to root again (again using su). Was prompted for the
 password, entered it and login was again rejected. When i tried to change
 the password it complained that something was wrong with a file called
 /etc/master.passwd. When looking at the file it contained parts of my
 pf.conf file.
 
 Have I've been hacked or is it just a major error done from my side.

Most likely, some form of major error. Might be filesystem damage; could
you have done something to cause that?

If master.passwd is unparseable, all sorts of nasty stuff happens.
Restore from a 3*etc.tgz file, or - if possible - from backups.

(Just a generic pointer - most hackers know what they are doing, and are
quite careful not to make too much user-visible changes to the system;
something as blatantly obvious as this is unlikely to be the work of a
hacker. Even bad hackers are unlikely to randomly trash important
files.)

Joachim