From: Alex Schuster
Organization: Wonkology
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] SSH won't restart
Date: Sat, 8 Sep 2007 18:46:34 +0200

Grant writes:

> I just upgraded ssh and when I try to restart I get:
>
> * Stopping sshd ... [ !! ]
>
> I don't see anything about it in '/var/log/sshd/current'. How can I
> figure out what is wrong? I'm a little nervous because I don't want
> to shut myself out of this remote server.

Uh-oh! I know how you feel, I also administrate remote servers.

Is there a /var/sun/sshd.pid containing the PID of the running sshd process (you can get it via "pidof sshd")? Maybe it's missing; this would explain the failure to stop.

If you think the upgrade is necessary and don't want to wait until you or someone else has physical access in case sshd doesn't come up again, you could try to restart sshd manually by issuing a "kill -SIGHUP $( pidof sshd )".

> I also noticed many "POSSIBLE BREAK-IN ATTEMPT!" log entries for
> usernames that don't exist. Anything I should do about that?

I emerged fail2ban recently. This allows you to monitor ssh attacks (also for other services like ftp and courier), and denies the attacker's IP for a while after some login failures. This keeps sshd logs short and enhances security, in case there are users with simple passwords. Some days ago I received 34 emails from fail2ban telling me about nightly couriersmtp break-in attempts.

It doesn't work out-of-the-box, but isn't too hard to configure. There are some howtos, but be sure to read current ones, the configuration was changed somewhere between version 0.6 and 0.8. I can mail you my configs if you are interested.

Alex
-- 
gentoo-user@gentoo.org mailing list