RE: SL6.1 - Unable to login
Usage: -bash {start|stop|restart} - It definitely looks like the style of thing found in /etc/init.d scripts It looks to me like the executable for bash is a link into init.d One way around may be to edit /etc/passwd to make the shell /bin/ksh instead of /bin/bash, then you can get in and look around.
Re: SL6.1 - Unable to login
Hello Chris, After editing /etc/passwd as per your instructions On SHH I get error as Permission denied, please try again. On Machine same as before (no change) On Wed, Nov 9, 2011 at 1:58 AM, Howard, Chris wrote: > > Usage: -bash {start|stop|restart} > > - > > It definitely looks like the style of thing found in /etc/init.d scripts > > It looks to me like the executable for bash is a link into init.d > > One way around may be to edit /etc/passwd to make the shell /bin/ksh > instead of /bin/bash, then you can get in and look around. > > > > > > > > -- Best Regards, Abhijeet Nagawade. +91-9422919428 http://www.Shrigonda.in
Re: SL6.1 - Unable to login
I figured out what went wrong. My port 22 for ssh was open and root login enabled via SSH I checked /var/log/secure and found login by some IP addresses never used by me. IP Lookup showed those IP belonging to south america. I think my machine was hacked Formatted the machine and disabled root login via SSH also blocked port 22 on router (WAN) Thank you very much for the help. On Thu, Nov 10, 2011 at 11:54 PM, Howard, Chris wrote: > Nov 10 23:23:03 sahyadri sshd[1756]: User root not allowed because > shell /bin/ksh does not exist > > ** ** > > ** ** > > ** ** > > /bin/ksh does not exist > > ** ** > > That would definitely not work then. > > I don’t have a SL6.1 system at hand at the moment. Do you know if you > have /bin/tcsh ? > > Or, check out the contents of the /etc/shells file, it should have a list > of available shell commands. > > ** ** > > ** ** > > ** ** > -- Best Regards, Abhijeet Nagawade. +91-9422919428 http://www.Shrigonda.in
Re: SL6.1 - Unable to login
On Fri, 2011-11-18 at 21:14 +0530, Abhijeet Nagawade wrote: > My port 22 for ssh was open and root login enabled via SSH > > > I checked /var/log/secure and found login by some IP addresses never > used by me. > > > IP Lookup showed those IP belonging to south america. > Formatted the machine and disabled root login via SSH also blocked > port 22 on router (WAN) If I need SSH I always reassign it to a non-standard port. Paul.
Re: SL6.1 - Unable to login
On 18 Nov 2011, at 0947, Always Learning wrote: > On Fri, 2011-11-18 at 21:14 +0530, Abhijeet Nagawade wrote: > >> Formatted the machine and disabled root login via SSH also blocked >> port 22 on router (WAN) > > > If I need SSH I always reassign it to a non-standard port. > Can't they just portscan you?
Re: SL6.1 - Unable to login
On Fri, 2011-11-18 at 10:20 -0600, Phong Nguyen wrote: > Can't they just portscan you? Yes but all the opportunist hackers do not. Those people are searching for carelessly set-up installations to break into. Few, if any, hackers are prepared to spend time searching for possible ports - all the way up to 64,000+ - when lots of potentially easier standard 22 port opportunities exist. An installation which uses a non-standard SSH port is likely to be more resilient to attacks than an installation using the standard SSH port. Why would a hacker, keen on breaking-in, waste their time trying to hack an installation where security is likely to be stronger than a basic installation ? Using non-standard ports does not make any installation immune from attacks. It is merely the first of several security conscious attempts to resist successful attacks. Paul.