ssh problemy

Martin Salac xsalacm at certicon.cz
Wed Sep 3 10:47:56 CEST 2003


Zdravim vsechny BSD pozitivni :-)

Problem 1:

Na jednom stroji mi ssh daemon po sobe "zanechava"
nejake zombie. Nekolikrat se prihlasim a kdyz si vygrepuju z procesu
ssh, dostanu nasledujici udaje:

server at leroy:/home/leroy$ ps ax | grep ssh
   121  ??  Ss     0:06,71 /usr/sbin/sshd
87041  ??  I      0:00,00 sshd: leroy [priv] (sshd)
87200  ??  I      0:00,00 sshd: leroy [priv] (sshd)
87522  ??  I      0:00,00 sshd: leroy [priv] (sshd)
87530  ??  I      0:00,03 sshd: leroy [priv] (sshd)
87532  ??  I      0:00,00 sshd: leroy [priv] (sshd)
87533  ??  I      0:00,01 sshd: leroy at ttyp0 (sshd)
87541  ??  S      0:00,03 sshd: leroy [priv] (sshd)
87543  ??  S      0:00,00 sshd: leroy [priv] (sshd)
87544  ??  S      0:00,01 sshd: leroy at ttyp1 (sshd)

Jde mi prave o radky s [priv] udajem. Nikdy mi tam nezustavaly
az po upgradu na 4.8. Jakmile je otevreno moc procesu se sshd,
dalsi login je odmitnut jako auth error. Nezbyva mi nez [priv]
procesy rucne zabijet pri logoutu.
Prosim, vysvetlil by mi nekdo, co jsou zac ty radky s [priv] a proc mi
tam zustavaji viset jako procesy?

Problem 2:
backup at leroy:/home/leroy$ ssh server
Password:
Response:
leroy at server's password:

Cim je dano, ze se mi zobrazuje radek Response?
Rad bych se ho zbavil.

Dekuju za pripadne odpovedi

Zdravi

Martin

P.S. Konfigurace:

server at leroy:/home/leroy$ uname -a
FreeBSD server 4.8-RELEASE FreeBSD 4.8-RELEASE #2: Fri Aug 15 22:30:38
CEST 2003 root at server:/usr/src/sys/compile/SERVER  i386

server at leroy:/home/leroy$ cat /etc/ssh/sshd_config
#       $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
#       $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.8.2.1 
2002/07/16 12:33:10 des Exp $
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
#VersionAddendum FreeBSD-20020629
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation no
#Compression yes
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server

server at leroy:/home/leroy$ cat /etc/ssh/ssh_config
#       $OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $
#       $FreeBSD: src/crypto/openssh/ssh_config,v 1.2.2.4.4.1 2002/07/16 
12:33:0
9 des Exp $
# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsAuthentication no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
   Protocol 1,2
#   Cipher 3des
#   Ciphers 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   VersionAddendum FreeBSD-20020629





More information about the Users-l mailing list