From: Ivan Adzhubey <iadzhubey@rics.bwh.harvard.edu>
To: sisyphus@altlinux.ru
Subject: [sisyphus] Странное поведение sshd + pam_tcb
Date: Sun, 20 Mar 2005 21:56:06 -0500
Message-ID: <200503202156.06966.iadzhubey@rics.bwh.harvard.edu> (raw)
Приветствую!
Наблюдаю в логах сервера странные записи от sshd. Возможно, это оффтопик, но
tcb у нас обновлялся недавно, так что может и нет.
Mar 21 03:59:00 protein pam_tcb[11810]: sshd: Session opened for ivan by
(uid=500)
Mar 21 03:59:00 protein pam_limits[11810]: checking if ivan is in group root
Mar 21 03:59:00 protein pam_tcb[11810]: sshd: Session closed for ivan
Mar 21 03:59:05 protein pam_tcb[11816]: sshd: Authentication failed for ivan
from (uid=0)
Mar 21 03:59:06 protein pam_tcb[11822]: sshd: Session opened for ivan by
(uid=500)
Mar 21 03:59:06 protein pam_limits[11822]: checking if ivan is in group root
Mar 21 03:59:06 protein pam_tcb[11822]: sshd: Session closed for ivan
Mar 21 03:59:16 protein pam_tcb[11831]: sshd: Authentication failed for ivan
from (uid=0)
Mar 21 03:59:17 protein pam_tcb[11839]: sshd: Session opened for ivan by
(uid=500)
Mar 21 03:59:17 protein pam_limits[11839]: checking if ivan is in group root
Mar 21 03:59:17 protein pam_tcb[11839]: sshd: Session closed for ivan
Mar 21 03:59:22 protein pam_tcb[11850]: sshd: Authentication failed for ivan
from (uid=0)
Mar 21 03:59:23 protein pam_tcb[11856]: sshd: Session opened for ivan by
(uid=500)
Mar 21 03:59:23 protein pam_limits[11856]: checking if ivan is in group root
И так много раз - сессия открывается и тут же закрывается, все в пределах
одной секунды. Я в это время залогинен на сервер по ssh интерактивно и еще
висит пара ssh с port forwarding. Это глюки pam_tcb или все-таки взлом?
Как-то можно повысить информативность логов от sshd, чтобы он всегда писал IP
адрес клиента?
--
Иван
next reply other threads:[~2005-03-21 2:56 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-21 2:56 Ivan Adzhubey [this message]
2005-03-21 3:07 ` Ivan Adzhubey
2005-03-21 3:33 ` [sisyphus] Странное поведение sshd + pam_tcb + sgi_fam Ivan Adzhubey
2005-03-21 7:46 ` Epiphanov Sergei
2005-03-21 7:54 ` Ivan Adzhubey
2005-03-21 8:03 ` Ivan Adzhubey
2005-03-21 8:15 ` [sisyphus] " Michael Shigorin
2005-03-21 23:03 ` [sisyphus] sgi_fam vs xinetd Dmitry V. Levin
2005-03-22 7:09 ` [sisyphus] " Michael Shigorin
2005-03-21 22:58 ` [sisyphus] " Dmitry V. Levin
2005-03-21 8:04 ` [sisyphus] Странное поведение sshd + pam_tcb + sgi_fam Epiphanov Sergei
2005-03-21 8:16 ` Ivan Adzhubey
2005-03-21 9:31 ` Epiphanov Sergei
2005-03-21 9:45 ` Ivan Adzhubey
2005-03-21 11:45 ` Epiphanov Sergei
2005-03-21 23:06 ` [sisyphus] sgi_fam vs xinetd Dmitry V. Levin
2005-03-21 23:02 ` Dmitry V. Levin
2005-03-21 23:30 ` Ivan Adzhubey
2005-03-21 23:48 ` Dmitry V. Levin
2005-03-25 13:15 ` Dmitry V. Levin
2005-03-25 22:18 ` Ivan Adzhubey
2005-03-27 12:25 ` Dmitry V. Levin
2005-03-27 12:35 ` Ivan Adzhubey
2005-03-27 12:41 ` Dmitry V. Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200503202156.06966.iadzhubey@rics.bwh.harvard.edu \
--to=iadzhubey@rics.bwh.harvard.edu \
--cc=sisyphus@altlinux.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus/0 sisyphus/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus sisyphus/ http://lore.altlinux.org/sisyphus \
sisyphus@altlinux.ru sisyphus@altlinux.org sisyphus@lists.altlinux.org sisyphus@lists.altlinux.ru sisyphus@lists.altlinux.com sisyphus@linuxteam.iplabs.ru sisyphus@list.linux-os.ru
public-inbox-index sisyphus
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git