| 1 |
Grant writes: |
| 2 |
|
| 3 |
> I just upgraded ssh and when I try to restart I get: |
| 4 |
> |
| 5 |
> * Stopping sshd ... [ !! ] |
| 6 |
> |
| 7 |
> I don't see anything about it in '/var/log/sshd/current'. How can I |
| 8 |
> figure out what is wrong? I'm a little nervous because I don't want |
| 9 |
> to shut myself out of this remote server. |
| 10 |
|
| 11 |
Uh-oh! I know how you feel, I also administrate remote servers. Is there |
| 12 |
a /var/sun/sshd.pid containing the PID of the running sshd process (you can |
| 13 |
get it via "pidof sshd")? Maybe it's missing, this would explain the |
| 14 |
failure to stop. |
| 15 |
|
| 16 |
If you think the upgrade is necessary and don't want to wait until you or |
| 17 |
s.o. else has physical access in case sshd doesn't come up again, you could |
| 18 |
try to restart sshd manually by issuing a "kill -SIGHUP $( pidof sshd )". |
| 19 |
|
| 20 |
> I also noticed many "POSSIBLE BREAK-IN ATTEMPT!" log entries for |
| 21 |
> usernames that don't exist. Anything I should do about that? |
| 22 |
|
| 23 |
I emerged failtoban recently. This allows to monitor ssh attacks (also for |
| 24 |
other services like ftp and courier), and denies the attacker's IP for a |
| 25 |
while after some login failures. This keeps sshd logs short and enhances |
| 26 |
security, in case there are users with simple passwords. Some days ago I |
| 27 |
received 34 emails from fail2ban telling me about nightly couriersmtp |
| 28 |
breakin attempts. |
| 29 |
It does nt work out-of-the-box, but isn't too hard to configure. There are |
| 30 |
some howtos, but be sure to read current ones, the configuration was |
| 31 |
changed somewhere between version 0.6 and 0.8. I can mail you my configs if |
| 32 |
you are interested. |
| 33 |
|
| 34 |
Alex |
| 35 |
-- |
| 36 |
gentoo-user@g.o mailing list |
Archives