About this issue... it's very serious and maybe it can hangup your system during a brute force attack over SSH, look my example:
I have installed Ubuntu 8.04, with SSH open to world, but just I have the password. After turns up my IP addres (public), in my /var/log/auth.log I can see a lot of incoming brute force attack: ........... Apr 29 15:53:46 srv33 sshd[5945]: Invalid user test from 218.22.9.118 Apr 29 15:53:46 srv33 sshd[5945]: PAM unable to dlopen(/lib/security/pam_smbpass.so) Apr 29 15:53:48 srv33 sshd[5945]: PAM [error: /lib/security/pam_smbpass.so: cannot open shared object file: No such file or directory] Apr 29 15:53:48 srv33 sshd[5945]: PAM adding faulty module: /lib/security/pam_smbpass.so Apr 29 15:53:48 srv33 sshd[5945]: pam_unix(sshd:auth): check pass; user unknown Apr 29 15:53:48 srv33 sshd[5945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.22.9.118 Apr 29 15:53:48 srv33 sshd[5945]: Failed password for invalid user test from 218.22.9.118 port 16679 ssh2 Apr 29 15:53:52 srv33 sshd[6024]: Invalid user guest from 218.22.9.118 Apr 29 15:53:54 srv33 sshd[6024]: PAM unable to dlopen(/lib/security/pam_smbpass.so) Apr 29 15:53:54 srv33 sshd[6024]: PAM [error: /lib/security/pam_smbpass.so: cannot open shared object file: No such file or directory] Apr 29 15:53:54 srv33 sshd[6024]: PAM adding faulty module: /lib/security/pam_smbpass.so Apr 29 15:53:54 srv33 sshd[6024]: pam_unix(sshd:auth): check pass; user unknown Apr 29 15:53:54 srv33 sshd[6024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.22.9.118 Apr 29 15:53:55 srv33 sshd[6024]: Failed password for invalid user guest from 218.22.9.118 port 1853 ssh2 Apr 29 15:53:59 srv33 sshd[6053]: Invalid user admin from 218.22.9.118 Apr 29 15:53:59 srv33 sshd[6053]: PAM unable to dlopen(/lib/security/pam_smbpass.so) Apr 29 15:53:59 srv33 sshd[6053]: PAM [error: /lib/security/pam_smbpass.so: cannot open shared object file: No such file or directory] Apr 29 15:53:59 srv33 sshd[6053]: PAM adding faulty module: /lib/security/pam_smbpass.so Apr 29 15:53:59 srv33 sshd[6053]: pam_unix(sshd:auth): check pass; user unknown Apr 29 15:53:59 srv33 sshd[6053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.22.9.118 Apr 29 15:54:00 srv33 sshd[6053]: Failed password for invalid user admin from 218.22.9.118 port 53665 ssh2 ....... And during this attacks, my load avarege goes to sky, arround 8.50, even 12.3 of high load... with no daemons, only ssh running! No apache, no mysql, nothing. ... seconds after installing "aptitude libpam-smbpass" my system works nicely, with low load average again, even if "under ssh attack"! So, to solve this problem, I see to options: 1- Disable pam_smbpass in common-auth and common-password under /etc/pam.d or; 2- Put a dependency of libpam-smbpass in something like ubuntu-standard or even ubuntu-minimal. I prefer the first one, I don't use Samba. Regards, Thiago -- error in auth.log when switch user -- pam_smbpass.so https://bugs.launchpad.net/bugs/216990 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
