sshd authentication failure



surfmode
09.11.04, 18:37
Howdy Com,

I use OpenSSH to administer my router from the LAN. For the past week an error has been showing up in the logs:

Nov 9 19:43:32 firebox sshd(pam_unix)[4708]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=noizlab user=root
Nov 9 19:43:41 firebox sshd[4708]: Accepted password for root from 192.168.0.2 port 1481 ssh2
Nov 9 19:43:41 firebox sshd(pam_unix)[4708]: session opened for user root by (uid=0)

Can anyone make sense of this?

Thanks, Sascha

Jasper
09.11.04, 18:48
Can anyone make sense of this?


Someone is trying to log in there. I get that daily:

Nov 8 11:37:11 <host> sshd[21862]: User root not allowed because not listed in AllowUsers
Nov 8 16:49:08 <host> sshd[23043]: Invalid user test from 202.125.140.212
Nov 8 16:49:10 <host> sshd[23045]: Invalid user guest from 202.125.140.212
Nov 8 16:49:13 <host> sshd[23047]: Invalid user admin from 202.125.140.212
Nov 8 16:49:16 <host> sshd[23049]: Invalid user admin from 202.125.140.212
Nov 8 16:49:19 <host> sshd[23051]: Invalid user user from 202.125.140.212
Nov 8 16:49:32 <host> sshd[23053]: reverse mapping checking getaddrinfo for lhr63.pie.net.pk failed - POSSIBLE BREAKIN ATTEMPT!

I have locked root and allow only a single user via public key.


-j

surfmode
09.11.04, 19:18
Someone is trying to log in there. I get that daily:
I have locked root and allow only a single user via public key.


Hehe... that's clear. That someone is me myself :D It is intended that I can log in as root via SSH from the LAN.

But how does the FAILURE come about when sshd is invoked?

Jasper
09.11.04, 19:33
Hehe... that's clear. That someone is me myself :D It is intended that I can log in as root via SSH from the LAN.


Ah, I see, a misunderstanding on my part.



But how does the FAILURE come about when sshd is invoked?


If the behaviour is reproducible, start sshd on a different port with 'sshd -ddd -p <port>' and look at the debug output when connecting to that port.


-j

surfmode
09.11.04, 19:51
[root@firebox root]# sshd -d -p 23
debug1: sshd version OpenSSH_3.6.1p2
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 23 on 0.0.0.0.
Server listening on 0.0.0.0 port 23.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.0.2 port 1763
debug1: Client protocol version 2.0; client software version PuTTY-Release-0.56
debug1: no match: PuTTY-Release-0.56
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: permanently_set_uid: 94/94
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes256-cbc hmac-sha1 none
debug1: kex: server->client aes256-cbc hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "root"
debug1: PAM setting rhost to "noizlab"
debug1: PAM password authentication failed for root: Authentication failure
Failed none for root from 192.168.0.2 port 1763 ssh2
Failed none for root from 192.168.0.2 port 1763 ssh2
debug1: userauth-request for user root service ssh-connection method keyboard-interactive
debug1: attempt 1 failures 1
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=root devs=
debug1: kbdint_alloc: devices ''
Failed keyboard-interactive for root from 192.168.0.2 port 1763 ssh2
debug1: userauth-request for user root service ssh-connection method password
debug1: attempt 2 failures 2
debug1: PAM password authentication accepted for root
Accepted password for root from 192.168.0.2 port 1763 ssh2
Accepted password for root from 192.168.0.2 port 1763 ssh2
debug1: monitor_child_preauth: root has been authenticated by privileged process
debug1: Entering interactive session for SSH2.
debug1: fd 3 setting O_NONBLOCK
debug1: fd 7 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/4
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: PAM setting tty to "/dev/pts/4"
debug1: PAM establishing creds
debug1: channel 0: rfd 9 isatty
debug1: fd 9 setting O_NONBLOCK
debug1: Setting controlling tty using TIOCSCTTY.
debug1: PAM establishing creds
debug1: permanently_set_uid: 0/0
Environment:
USER=root
LOGNAME=root
HOME=/root
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAIL=/var/mail/root
SHELL=/bin/bash
SSH_CLIENT=192.168.0.2 1763 23
SSH_CONNECTION=192.168.0.2 1763 192.168.0.3 23
SSH_TTY=/dev/pts/4
TERM=xterm

-------------------------------------------
Hm... apparently something to do with PAM :D

Any ideas?
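
In the debug trace above, the PAM failure is logged for the client's initial `none` request, and the password login is then accepted in the same sshd process, matching the shared PID 4708 in the first post's syslog lines. The following is an added example, not code from the thread: it triages `pam_unix` failures by checking whether the same sshd PID accepts a login for that user shortly afterwards. The function name `triage`, the 60-second window, the year and the PID 4711 line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the three lines from the first post, plus one
# constructed failure (PID 4711) that is never followed by a login.
SAMPLE_LOG = """\
Nov 9 19:43:32 firebox sshd(pam_unix)[4708]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=noizlab user=root
Nov 9 19:43:41 firebox sshd[4708]: Accepted password for root from 192.168.0.2 port 1481 ssh2
Nov 9 19:43:41 firebox sshd(pam_unix)[4708]: session opened for user root by (uid=0)
Nov 9 20:01:02 firebox sshd(pam_unix)[4711]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=example-host user=root
"""

# timestamp, sshd PID (with or without the pam_unix tag), message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd(?:\(pam_unix\))?\[(\d+)\]: (.*)$")
FAIL = re.compile(r"^authentication failure;.*\brhost=(\S*)\s+user=(\S+)")
OK = re.compile(r"^Accepted (\S+) for (\S+) from (\S+) port \d+")


def triage(log_text, window=timedelta(seconds=60), year=2004):
    """Return (pid, user, rhost, verdict) for every pam_unix failure."""
    failures, accepted = [], {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        if (f := FAIL.match(msg)):
            failures.append((ts, pid, f.group(2), f.group(1)))
        elif (a := OK.match(msg)):
            accepted.setdefault((pid, a.group(2)), []).append(ts)
    results = []
    for ts, pid, user, rhost in failures:
        # Same sshd process, same user, login accepted within the window.
        hit = any(timedelta(0) <= t - ts <= window
                  for t in accepted.get((pid, user), []))
        verdict = "same-session-login" if hit else "unresolved"
        results.append((pid, user, rhost, verdict))
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Failures marked `unresolved` are the ones worth reviewing; the `same-session-login` ones match the pattern in this thread, where the user did authenticate in that connection.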

Jasper
09.11.04, 22:48
You have probably set "UsePAM yes" and PAM is not configured or is configured incorrectly. Set "UsePAM no" and "PasswordAuthentication yes" and check whether the error persists.


-j

surfmode
09.11.04, 23:05
There is nothing about PAM in the config,
I have set PasswordAuthentication yes,
the error persists...

I'll post my sshd.config:

#Port 22
Protocol 2
#ListenAddress 192.168.0.3 # 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:
#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no

X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

#IgnoreUserKnownHosts no