Re: pam, ssh, user account vulnerability

From: Lenny G. (alengarbage_at_yahoo.com)
Date: 10/04/05

Next message: linux_learner: "newbee learning linux: how to allow write permission to user on mounted drives"
Previous message: Stefan Patric: "Re: After Ubuntu installation...Winxp boots up sloooooowww"
Next in thread: Nico Kadel-Garcia: "Re: pam, ssh, user account vulnerability"
Reply: Nico Kadel-Garcia: "Re: pam, ssh, user account vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: 3 Oct 2005 20:56:15 -0700

So, to give a bit of resolution: I discovered why the PAM settings
didn't seem to apply. Turns out that I upgraded from a version of
openssh which had pam support on by default to a version that didn't
have pam support unless "UsePAM=yes" was in /etc/ssh/sshd.conf. Since
my old conf file was, well, a conf file, it didn't get updated when I
upgraded.

Granted, I should have been a bit more careful when upgrading, but I'd
also claim that default-off is the WRONG way to ship a package,
especially when the precedent was default-on. This was on an upgrade
from Fedora Core 2 to FC 4.

And, to put your minds at ease, the system was not compromised beyond
the one account. The attacker is still trying to access that account
almost daily, without luck. I've verified all installed packages, and
have been monitoring network traffic from another box with a sniffer.
The attacker wasn't too savvy -- the hack kits installed contained
readme's with lists of systems that they could compromise, most of
which were linux/freebsd/solaris versions that were at least 2 years
old.

I am still experiencing a nearly constant barrage of dictionary attacks
on simple account names (as I have for the past 3 years), sometimes at
a rate of more than one every 5 seconds, but none on any accessible
accounts. I'll likely install some sentry software to automatically
blacklist ips involved in these types of attacks, but am not worried
enough about it right now to, well, worry about it too much.

Next message: linux_learner: "newbee learning linux: how to allow write permission to user on mounted drives"
Previous message: Stefan Patric: "Re: After Ubuntu installation...Winxp boots up sloooooowww"
Next in thread: Nico Kadel-Garcia: "Re: pam, ssh, user account vulnerability"
Reply: Nico Kadel-Garcia: "Re: pam, ssh, user account vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

User Account Internet Access post SP2 install
... Since upgrading to SP2 I have not experienced any adverse affects within my ... user account. ... they receive an error message from my anti-spyware program, SpyStopper, ... behavior on wired Dell Desktop and a wireless Dell Laptop. ...
(microsoft.public.windowsxp.help_and_support)
Re: Downloaded ie7, now Windows wants password
... I did something similar only not with upgrading IE. ... password before for either account. ... I tried SafeMode but also gets you a login box. ... It booted back up with a logon window. ...
(microsoft.public.windowsxp.help_and_support)
Re: Paypal
... >>> Am I going to have to fork out for the account as it says? ... >> want to accept credit card payments. ... >> received after upgrading. ... The Yorkshire Anthem ...
(uk.people.consumers.ebay)
Re: Paypal
... >> Am I going to have to fork out for the account as it says? ... > to accept credit card payments. ... > received after upgrading. ...
(uk.people.consumers.ebay)