Grant writes:

> I just upgraded ssh and when I try to restart I get:
>
> * Stopping sshd ... [ !! ]
>
> I don't see anything about it in '/var/log/sshd/current'. How can I
> figure out what is wrong? I'm a little nervous because I don't want
> to shut myself out of this remote server.

Uh-oh! I know how you feel, I also administrate remote servers. Is there
a /var/sun/sshd.pid containing the PID of the running sshd process (you can
get it via "pidof sshd")? Maybe it's missing; this would explain the
failure to stop.

If you think the upgrade is necessary and don't want to wait until you or
someone else has physical access in case sshd doesn't come up again, you could
try to restart sshd manually by issuing a "kill -SIGHUP $( pidof sshd )".

> I also noticed many "POSSIBLE BREAK-IN ATTEMPT!" log entries for
> usernames that don't exist. Anything I should do about that?

I emerged fail2ban recently. This allows you to monitor ssh attacks (also for
other services like ftp and courier), and denies the attacker's IP for a
while after some login failures. This keeps sshd logs short and enhances
security, in case there are users with simple passwords. Some days ago I
received 34 emails from fail2ban telling me about nightly couriersmtp
break-in attempts.
It doesn't work out-of-the-box, but isn't too hard to configure. There are
some howtos, but be sure to read current ones; the configuration was
changed somewhere between version 0.6 and 0.8. I can mail you my configs if
you are interested.

Alex
--
gentoo-user@g.o mailing list
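
The counting that a tool like fail2ban applies to the sshd log, reduced to its core, as an added example (not part of the original mail and not fail2ban's own code): failed password lines are counted per source address inside a time window, and addresses that reach the limit are reported. The log lines, `MAX_RETRY`, `FIND_TIME` and `addresses_to_ban` are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 3                       # failures tolerated per address (assumed value)
FIND_TIME = timedelta(minutes=10)   # window in which they are counted (assumed value)

# Constructed sample lines in classic syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:14:01 box sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4101 ssh2
Mar  3 02:14:03 box sshd[811]: reverse mapping checking getaddrinfo for h.example [203.0.113.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  3 02:14:05 box sshd[813]: Failed password for invalid user test from 203.0.113.7 port 4102 ssh2
Mar  3 02:14:09 box sshd[815]: Failed password for root from 203.0.113.7 port 4103 ssh2
Mar  3 02:20:00 box sshd[820]: Failed password for grant from 198.51.100.4 port 5000 ssh2
Mar  3 02:20:30 box sshd[820]: Accepted password for grant from 198.51.100.4 port 5000 ssh2
Mar  3 09:00:00 box sshd[900]: Failed password for grant from 198.51.100.4 port 5100 ssh2
Mar  3 15:00:00 box sshd[950]: Failed password for grant from 198.51.100.4 port 5200 ssh2
"""

# Anchored at the end of the line and greedy on the user name, so text inside a
# client-chosen user name cannot supply the address that gets counted.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (?P<ip>[0-9a-fA-F.:]+) port \d+ ssh2$"
)

def addresses_to_ban(log_text, year=2024):
    """Return {ip: time the limit was reached} for addresses over MAX_RETRY in FIND_TIME."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        # Syslog timestamps carry no year, so one is supplied by the caller.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > FIND_TIME:   # drop failures older than the window
            window.popleft()
        if len(window) >= MAX_RETRY:
            banned[m["ip"]] = when
    return banned

if __name__ == "__main__":
    for ip, when in addresses_to_ban(SAMPLE_LOG).items():
        print(f"ban {ip} (limit reached {when:%b %d %H:%M:%S})")
```

The address with three failures spread over a day stays below the limit, which is why a legitimate user who mistypes a password occasionally is not locked out.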