After the latest updates, and restoring the /etc/pam.d/login and /etc/pam.d/passwd files to the originals, I got this
Mar 14 16:30:25 chromium sshd[27831]: input_userauth_request: illegal user root Mar 13 16:30:25 chromium sshd[27831]: PAM unable to dlopen(/lib/security/pam_unix.so) Mar 13 16:30:25 chromium sshd[27831]: PAM [dlerror: /lib/libc.so.6: version `GLIBC_2.3' not found (required by /lib/security/pam_unix.so)] Mar 13 16:30:25 chromium sshd[27831]: PAM adding faulty module: /lib/security/pam_unix.so Mar 13 16:30:25 chromium sshd[27831]: Could not reverse map address 207.177.51.238. Mar 13 16:30:25 chromium sshd[27831]: Failed none for illegal user root from 207.177.51.238 port 53278 ssh2 Mar 13 16:30:25 chromium sshd[27831]: Failed keyboard-interactive for illegal user root from 207.177.51.238 port 53278 ssh2 Mar 13 16:31:10 chromium sshd[27831]: Failed password for illegal user root from 207.177.51.238 port 53278 ssh2 Mar 13 16:31:43 chromium last message repeated 2 times Mar 13 16:31:43 chromium sshd[27831]: Connection closed by 207.177.51.238 /etc/passwd has root as the first entry. moreover, the failed password message happens when I'm prompted for my password, NOT after I type in the password and hit the <Enter> key. Fortunately, everything started working after a '/etc/init.d/ssh restart'. Needless to say, I was a touch freaked out ... This is on a server that I've got a very large investment in. I was afraid of being forever locked out of that box, a major distaster. WTH happened here? -- Christopher L. Everett Chief Technology Officer The Medical Banner Exchange Physicians Employment on the Internet
