On 25/01/11 13:38, Hugo Mills wrote:
On Tue, Jan 25, 2011 at 08:30:43AM -0500, Andy Random wrote:
I'm not sure when this happened but I've just tried to ssh out from
a machine and got the following:
$ ssh
-bash: /usr/bin/ssh: Permission denied
a quick check reveals:
$ ls -ltr /usr/bin/ssh
-rwx------ 1 root root 650556 Jan 10 13:54 /usr/bin/ssh
so I tried this:
# chmod 755 /usr/bin/ssh
chmod: changing permissions of `/usr/bin/ssh': Operation not permitted
This is on a VPS running Debian lenny which I've certainly managed
to ssh out of before but I probably haven't tried to ssh out of the
machines for a week or two so I'm not sure when the problem started.
However I did an upgate/upgrade yesterday.
Any ideas what is going on?
The file's been modified recently, and the binary is a lot larger
than it is on my system here(*). I'd hazard a guess you've been
cracked. Check for rootkits and unexpected processes or net
connections.
Hugo.
(*) I have:
hrm@shades:~$ ls -l /usr/bin/ssh
-rwxr-xr-x 1 root root 358756 Dec 26 18:12 /usr/bin/ssh
I don't know if this helps, but my Debian Lenny system has this:
chris@www:~$ ls -l /usr/bin/ssh
-rwxr-xr-x 1 root root 332928 2009-01-14 00:40 /usr/bin/ssh
and it's fairly up-to-date, with version 3.0.3-2 of ssh, and version
1:5.1p1-5 of openssh-client.
cheers
Chris
--
Chris Dennis cgden...@btinternet.com
Fordingbridge, Hampshire, UK
--
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
