RE: SL6.1 - Unable to login

[Howard, Chris]

Usage: -bash {start|stop|restart}

-

It definitely looks like the style of thing found in /etc/init.d scripts

It looks to me like the executable for bash is a link into init.d

One way around may be to edit /etc/passwd to make the shell  /bin/ksh
instead of /bin/bash, then you can get in and look around.

Re: SL6.1 - Unable to login

[Abhijeet Nagawade]

Hello Chris,

After editing /etc/passwd as per your instructions

On SHH I get error as
Permission denied, please try again.

On Machine same as before (no change)




On Wed, Nov 9, 2011 at 1:58 AM, Howard, Chris  wrote:

>
> Usage: -bash {start|stop|restart}
>
> -
>
> It definitely looks like the style of thing found in /etc/init.d scripts
>
> It looks to me like the executable for bash is a link into init.d
>
> One way around may be to edit /etc/passwd to make the shell  /bin/ksh
> instead of /bin/bash, then you can get in and look around.
>
>
>
>
>
>
>
>


-- 
Best Regards,
Abhijeet Nagawade.
+91-9422919428
http://www.Shrigonda.in

Re: SL6.1 - Unable to login

[Abhijeet Nagawade]

I figured out what went wrong.

My port 22 for ssh was open and root login enabled via SSH

I checked /var/log/secure and found login by some IP addresses never used
by me.

IP Lookup showed those IP belonging to south america.

I think my machine was hacked

Formatted the machine and disabled root login via SSH also blocked port 22
on router (WAN)

Thank you very much for the help.



On Thu, Nov 10, 2011 at 11:54 PM, Howard, Chris  wrote:

>   Nov 10 23:23:03 sahyadri sshd[1756]: User root not allowed because
> shell /bin/ksh does not exist
>
> ** **
>
> ** **
>
> ** **
>
> /bin/ksh does not exist
>
> ** **
>
> That would definitely not work then.
>
> I don’t have a SL6.1 system at hand at the moment.  Do you know if you
> have /bin/tcsh ?
>
> Or, check out the contents of the /etc/shells file, it should have a list
> of available shell commands.
>
> ** **
>
> ** **
>
> ** **
>



-- 
Best Regards,
Abhijeet Nagawade.
+91-9422919428
http://www.Shrigonda.in

Re: SL6.1 - Unable to login

[Always Learning]

On Fri, 2011-11-18 at 21:14 +0530, Abhijeet Nagawade wrote:


> My port 22 for ssh was open and root login enabled via SSH
> 
> 
> I checked /var/log/secure and found login by some IP addresses never
> used by me.
> 
> 
> IP Lookup showed those IP belonging to south america.


> Formatted the machine and disabled root login via SSH also blocked
> port 22 on router (WAN)


If I need SSH I always reassign it to a non-standard port.


Paul.

Re: SL6.1 - Unable to login

[Phong Nguyen]

On 18 Nov 2011, at 0947, Always Learning wrote:

> On Fri, 2011-11-18 at 21:14 +0530, Abhijeet Nagawade wrote:
> 
>> Formatted the machine and disabled root login via SSH also blocked
>> port 22 on router (WAN)
> 
> 
> If I need SSH I always reassign it to a non-standard port.
> 

Can't they just portscan you? 

Re: SL6.1 - Unable to login

[Always Learning]

On Fri, 2011-11-18 at 10:20 -0600, Phong Nguyen wrote:

> Can't they just portscan you? 

Yes but all the opportunist hackers do not. Those people are searching
for carelessly set-up installations to break into.  Few, if any, hackers
are prepared to spend time searching for possible ports - all the way up
to 64,000+ - when lots of potentially easier standard 22 port
opportunities exist.

An installation which uses a non-standard SSH port is likely to be more
resilient to attacks than an installation using the standard SSH port.
Why would a hacker, keen on breaking-in, waste their time trying to hack
an installation where security is likely to be stronger than a basic
installation ?

Using non-standard ports does not make any installation immune from
attacks. It is merely the first of several security conscious attempts
to resist successful attacks.

Paul.