Gentoo Archives: gentoo-user

From: Alex Schuster <wonko@×××××××××.org>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] SSH won't restart
Date: Sat, 08 Sep 2007 17:02:50
In Reply to: [gentoo-user] SSH won't restart by Grant
1 Grant writes:
3 > I just upgraded ssh and when I try to restart I get:
4 >
5 > * Stopping sshd ... [ !! ]
6 >
7 > I don't see anything about it in '/var/log/sshd/current'. How can I
8 > figure out what is wrong? I'm a little nervous because I don't want
9 > to shut myself out of this remote server.
11 Uh-oh! I know how you feel, I also administrate remote servers. Is there
12 a /var/sun/ containing the PID of the running sshd process (you can
13 get it via "pidof sshd")? Maybe it's missing, this would explain the
14 failure to stop.
16 If you think the upgrade is necessary and don't want to wait until you or
17 s.o. else has physical access in case sshd doesn't come up again, you could
18 try to restart sshd manually by issuing a "kill -SIGHUP $( pidof sshd )".
20 > I also noticed many "POSSIBLE BREAK-IN ATTEMPT!" log entries for
21 > usernames that don't exist. Anything I should do about that?
23 I emerged failtoban recently. This allows to monitor ssh attacks (also for
24 other services like ftp and courier), and denies the attacker's IP for a
25 while after some login failures. This keeps sshd logs short and enhances
26 security, in case there are users with simple passwords. Some days ago I
27 received 34 emails from fail2ban telling me about nightly couriersmtp
28 breakin attempts.
29 It does nt work out-of-the-box, but isn't too hard to configure. There are
30 some howtos, but be sure to read current ones, the configuration was
31 changed somewhere between version 0.6 and 0.8. I can mail you my configs if
32 you are interested.
34 Alex
35 --
36 gentoo-user@g.o mailing list