ssh binary modified
Nick Knight
nick at stormunix.co.uk
Fri Nov 26 14:24:13 UTC 2010
Hi,
I've just found a problem with ssh on one of my servers, I'm hoping someone
can give me some insight into what's caused the problem.
When I try to use scp or ftp I get the following error:
command-line: line 0: Bad configuration option: PermitLocalCommand
lost connection
I've just noticed my /usr/bin/ssh binary was modified two days ago although
no updates have been run.
I've noticed a strange new file: /etc/ssh/.sshd_auth
This has file permission 755 and contained two entries of my plain text
login:
myuser:clearpassword
myuser:clearpassword
FreeBSD hostname 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC
2009 root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
OpenSSH_5.2p1 FreeBSD-20090522, SSH protocols 1.5/2.0, OpenSSL 0x009080bf
MD5 (/usr/bin/ssh) = 39d889822b743a86ab150e12692c85b7
Has anyone seen the file /etc/ssh/.sshd_auth before?
Cheers
--
Regards
Nick Knight
More information about the freebsd-security
mailing list