Date: Mon, 18 Oct 2004 11:38:38 -0400 From: John DeStefano <john.destefano@gmail.com> To: freebsd-questions@freebsd.org Subject: ssh, daemon, and system errors Message-ID: <f2160e0d04101808384dbca448@mail.gmail.com>
Greetings FBSD-Q listers,

Some may recall that I (and a few other folks) reported a massive outburst of ssh connection hammerings on my FBSD 5.0-RELEASE machine a few months ago. The connection attempts are still occurring, usually about 5-10 attempts per day, but occasionally I get a log of someone from a single IP address hammering 50-100 times, and trying to use such accounts as nobody, www, operator, and ftp. There is no record of success by any of these attempts, but I am aware that a well-educated intruder could easily have erased their tracks. Responses from the list included checking 'last' (mine was clean) and using "PermitRootLogin no" in sshd_config. I'm sure more suggestions would include invoking a jailed environment, but I've got no experience in this aside from RTFM. I still don't feel comfortable that this machine won't be broken into, if it hasn't been already, so I'm open to suggestions on how to tighten things up.

In addition to this, I'm beginning to experience some other problems on the machine -- maybe related, maybe not, but it seems an odd coincidence that this stuff would begin to break now after about 2 years of near-flawless server performance. Many of these could surely be network-related, but I'm not seeing network problems with other client machines on this network:

cvsup still works perfectly; I run it once a week via a crontab entry to update everything.

ddclient (my ISP assigns dynamic IP addresses) worked fine until about a week ago; since then, I get sporadic socket errors about bad host names and not being able to connect.

sshd has always been rock solid until the last few days. Since then, I'm getting timeouts when trying to connect (remotely and from the local network), no matter if I try to connect via a hostname, domain name, or IP address, but not _all_ of the time. It seems like I can connect about 1/3 of the time, but even then my sessions time out when I'm idle for a very short time, or sometimes while I'm actually typing (which is in fact what happened to me just now).

httpd performance has been just as sporadic as sshd, which is a very bad thing. I haven't changed my httpd.config in a year.

bind has never worked properly, but I am certain that issue is related only to my inexperience.

samba has been screwy. I run a local script to connect to mount_smbfs shares on the network and offer shared directories on this machine. Lately, the shares either don't get connected, or show up in my daily logs as being connected twice.

I don't run an ftp on this machine, and that's just about every network daemon I run that I can think of (without being able to connect to the machine to check).

Finally, I've not been able to update the source on this machine; I keep getting 'error code 1' exit messages, and although I am able to update the index with 'make fetchindex', 'make index' thereafter gives a similar error.

I realize none of these are addressable directly without more information and evidence. I wanted to get opinions first before flooding the list with log and config data, but I would be glad to provide the contents of any files, or any other info, on request.

This machine has never been this screwed up, so I'm thinking of trying a reinstall or upgrade, but I didn't take good notes while setting this thing up a while ago and I'm nervous about losing settings, or even worse, data. I'm also worried that I won't be able to get everything back up and running the way it was. But I suppose the alternative is to leave it as-is, and that's not working very well.

Looking forward to your thoughts.

Thanks,
~John
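The pattern John describes (a single source cycling through accounts like nobody, www, operator and ftp) is the kind of thing you want to pull out of the auth log mechanically rather than by eye, and the one result that matters is an accepted login from a source that was also hammering. The script below is an added example and not part of the original post or thread. It assumes log lines in the form OpenSSH 3.x wrote to /var/log/auth.log on FreeBSD 5.x ("Failed password for illegal user X from A.B.C.D port N ssh2", "Accepted password for X from ..."); the sample lines are constructed, and the per-source threshold is an arbitrary choice.

```python
"""Summarise failed sshd logins per source address and spot successes from noisy sources.

Added example, not code from the original mailing-list post. Log format is an
assumption (OpenSSH 3.x on FreeBSD 5.x); SAMPLE_LOG is constructed, not real data.
"""
import re
from collections import defaultdict

# Constructed sample log excerpt (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Oct 17 03:12:01 host sshd[812]: Illegal user nobody from 192.0.2.10
Oct 17 03:12:01 host sshd[812]: Failed password for illegal user nobody from 192.0.2.10 port 40112 ssh2
Oct 17 03:12:04 host sshd[815]: Illegal user www from 192.0.2.10
Oct 17 03:12:04 host sshd[815]: Failed password for illegal user www from 192.0.2.10 port 40113 ssh2
Oct 17 03:12:07 host sshd[818]: Failed password for operator from 192.0.2.10 port 40114 ssh2
Oct 17 03:12:10 host sshd[821]: Failed password for ftp from 192.0.2.10 port 40115 ssh2
Oct 17 09:45:33 host sshd[933]: Failed password for john from 198.51.100.7 port 50000 ssh2
Oct 17 09:45:40 host sshd[933]: Accepted password for john from 198.51.100.7 port 50000 ssh2
Oct 17 11:02:15 host sshd[990]: Failed password for root from 203.0.113.5 port 31337 ssh2
"""

# "illegal user" is optional: existing accounts (operator, ftp, root) are logged without it.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:illegal user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
# Matches "Accepted password for ..." and "Accepted publickey for ...".
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse(log_text):
    """Walk the log once; return (failures per source IP, list of accepted logins)."""
    failures = defaultdict(lambda: {"count": 0, "users": set()})
    accepted = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            rec = failures[m.group("ip")]
            rec["count"] += 1
            rec["users"].add(m.group("user"))
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted.append((m.group("ip"), m.group("user")))
    return failures, accepted


def flag_sources(failures, threshold=3):
    """Sources with at least `threshold` failures, busiest first, with the accounts they tried."""
    hits = [(ip, rec["count"], sorted(rec["users"]))
            for ip, rec in failures.items() if rec["count"] >= threshold]
    return sorted(hits, key=lambda h: -h[1])


def successes_from_flagged(failures, accepted, threshold=3):
    """Accepted logins that came from a flagged source: the ones to chase in 'last' and wtmp."""
    flagged = {ip for ip, _, _ in flag_sources(failures, threshold)}
    return [(ip, user) for ip, user in accepted if ip in flagged]


if __name__ == "__main__":
    failures, accepted = parse(SAMPLE_LOG)
    for ip, count, users in flag_sources(failures):
        print(f"{ip}: {count} failed logins, accounts tried: {', '.join(users)}")
    hits = successes_from_flagged(failures, accepted)
    print("successful logins from flagged sources:", hits or "none")
```

Run it against the real file with `parse(open("/var/log/auth.log").read())`, and remember the caveat John himself raises: this only reads the log on the same host, so an attacker who got in and trimmed auth.log or wtmp leaves nothing for it to find. That is an argument for shipping syslog to a second machine, not for trusting an empty result.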