ssh problemy
Martin Salac
xsalacm at certicon.cz
Wed Sep 3 10:47:56 CEST 2003
Zdravim vsechny BSD pozitivni :-)
Problem 1:
Na jednom stroji mi ssh daemon po sobe "zanechava"
nejake zombie. Nekolikrat se prihlasim a kdyz si vygrepuju z procesu
ssh, dostanu nasledujici udaje:
server at leroy:/home/leroy$ ps ax | grep ssh
121 ?? Ss 0:06,71 /usr/sbin/sshd
87041 ?? I 0:00,00 sshd: leroy [priv] (sshd)
87200 ?? I 0:00,00 sshd: leroy [priv] (sshd)
87522 ?? I 0:00,00 sshd: leroy [priv] (sshd)
87530 ?? I 0:00,03 sshd: leroy [priv] (sshd)
87532 ?? I 0:00,00 sshd: leroy [priv] (sshd)
87533 ?? I 0:00,01 sshd: leroy at ttyp0 (sshd)
87541 ?? S 0:00,03 sshd: leroy [priv] (sshd)
87543 ?? S 0:00,00 sshd: leroy [priv] (sshd)
87544 ?? S 0:00,01 sshd: leroy at ttyp1 (sshd)
Jde mi prave o radky s [priv] udajem. Nikdy mi tam nezustavaly
az po upgradu na 4.8. Jakmile je otevreno moc procesu se sshd,
dalsi login je odmitnut jako auth error. Nezbyva mi nez [priv]
procesy rucne zabijet pri logoutu.
Prosim, vysvetlil by mi nekdo, co jsou zac ty radky s [priv] a proc mi
tam zustavaji viset jako procesy?
Problem 2:
backup at leroy:/home/leroy$ ssh server
Password:
Response:
leroy at server's password:
Cim je dano, ze se mi zobrazuje radek Response?
Rad bych se ho zbavil.
Dekuju za pripadne odpovedi
Zdravi
Martin
P.S. Konfigurace:
server at leroy:/home/leroy$ uname -a
FreeBSD server 4.8-RELEASE FreeBSD 4.8-RELEASE #2: Fri Aug 15 22:30:38
CEST 2003 root at server:/usr/src/sys/compile/SERVER i386
server at leroy:/home/leroy$ cat /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.8.2.1
2002/07/16 12:33:10 des Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
#VersionAddendum FreeBSD-20020629
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation no
#Compression yes
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
server at leroy:/home/leroy$ cat /etc/ssh/ssh_config
# $OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $
# $FreeBSD: src/crypto/openssh/ssh_config,v 1.2.2.4.4.1 2002/07/16
12:33:0
9 des Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
Protocol 1,2
# Cipher 3des
# Ciphers
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# VersionAddendum FreeBSD-20020629
More information about the Users-l
mailing list