Date: Thu, 1 Mar 2001 00:43:37 -0500
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: <freebsd-security@freebsd.org>
Subject: sshd weirdness
Message-ID: <000801c0a212$90619840$1e9e6389@137.99.156.23>

I was upgrading my ports recently on a box that was upgraded from 4.1.1-Stable to 4.2-stable about a month ago, and saw the ssh 1.x port installed and in need of upgrade. Now, because I had built world with OpenSSH 2.3.0, I no longer needed the ssh 1.x port, so I deleted it using pkg_delete -f. The uptime on the box had been several weeks.

I then remade a new kernel to incorporate some Alt-Q traffic shaper drivers. I didn't cvsup sources, nor did I remake world; I just patched my existing kernel source, and did a config, make depend, and make. I rebooted the machine to use the new kernel, and

1. sshd is NOT running, because in rc.conf, sshd_enable is set to OFF for some reason, and
2. when I try to ssh in from a location on the same subnet, I am told the fingerprint has changed.

Furthermore, because I deleted the ssh port, /usr/local/etc/rc.d/sshd.sh got removed, which is expected. I didn't know if "SSHD_ENABLED" was already set to "NO". My logs showed no new logins during the period of the kernel upgrades, and no other anomalous behavior has been detected. Could my deleting the port have anything to do with OpenSSH starting?

I checked /etc/ssh and all the keys have not been modified with a new timestamp. I have another box with a locked-down firewall in verbose logging on the same hub, and it did not detect any ARP changes on the fully switched subnet (rapid ARP shifts between 2 MACs are indicative of traffic sniffing and man-in-the-middle attacks, since the man-in-the-middle must present himself as your router).

This is puzzling...
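
The ARP check mentioned in the message (one address moving rapidly between two MACs), as an added example that is not part of the original post: a Python scan of FreeBSD kernel "arp: ... moved from ... to ..." syslog lines. The sample log, addresses, five-minute window and three-move threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (documentation IPs, made-up MACs).
SAMPLE_LOG = """\
Mar  1 00:10:02 fw /kernel: arp: 192.0.2.1 moved from 02:00:00:00:00:0a to 02:00:00:00:00:0b on fxp0
Mar  1 00:10:09 fw /kernel: arp: 192.0.2.1 moved from 02:00:00:00:00:0b to 02:00:00:00:00:0a on fxp0
Mar  1 00:10:15 fw /kernel: arp: 192.0.2.1 moved from 02:00:00:00:00:0a to 02:00:00:00:00:0b on fxp0
Mar  1 00:10:21 fw /kernel: arp: 192.0.2.1 moved from 02:00:00:00:00:0b to 02:00:00:00:00:0a on fxp0
Mar  1 03:40:00 fw /kernel: arp: 192.0.2.77 moved from 02:00:00:00:00:21 to 02:00:00:00:00:22 on fxp0
Mar  1 00:11:00 fw sshd[214]: Accepted password for user from 192.0.2.50 port 1022
"""

MOVE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S*kernel: arp: (\S+) moved from "
    r"([0-9a-f:]{17}) to ([0-9a-f:]{17}) on (\S+)$", re.I)

def parse_moves(text, year=2001):
    """Yield (timestamp, ip, old_mac, new_mac) for each 'arp: ... moved' line."""
    for line in text.splitlines():
        m = MOVE_RE.match(line.strip())
        if m:
            # Syslog timestamps carry no year, so one is supplied (assumption).
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3).lower(), m.group(4).lower()

def find_flip_flops(text, window=timedelta(minutes=5), min_moves=3):
    """Return {ip: sorted MAC pair} for IPs that bounce between exactly two
    MACs at least min_moves times inside the window (thresholds are assumed)."""
    moves = defaultdict(list)
    for ts, ip, old, new in parse_moves(text):
        moves[ip].append((ts, old, new))
    alerts = {}
    for ip, events in moves.items():
        events.sort()
        for i in range(len(events)):
            burst = [e for e in events[i:] if e[0] - events[i][0] <= window]
            macs = {mac for _, old, new in burst for mac in (old, new)}
            if len(burst) >= min_moves and len(macs) == 2:
                alerts[ip] = sorted(macs)
                break
    return alerts

if __name__ == "__main__":
    for ip, macs in find_flip_flops(SAMPLE_LOG).items():
        print(f"{ip} alternates between {macs[0]} and {macs[1]}")
```

A single move, like the 192.0.2.77 line in the sample, is not reported; that pattern is what a replaced NIC or a DHCP lease change looks like.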