Date: Fri, 26 Nov 2010 13:55:58 +0000 From: Nick Knight <nick@stormunix.co.uk> To: freebsd-security@freebsd.org Subject: ssh binary modified Message-ID: <AANLkTi=eaYSFJygru1NBqkNTBoC=2oKLuDJ1XGkMpEsC@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi, I've just found a problem with ssh on one of my servers, I'm hoping someone can give me some insight into what's caused the problem. When I try to use scp or ftp I get the following error: command-line: line 0: Bad configuration option: PermitLocalCommand lost connection I've just noticed my /usr/bin/ssh binary was modified two days ago although no updates have been run. I've noticed a strange new file: /etc/ssh/.sshd_auth This has file permission 755 and contained two entries of my plain text login: myuser:clearpassword myuser:clearpassword FreeBSD hostname 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 OpenSSH_5.2p1 FreeBSD-20090522, SSH protocols 1.5/2.0, OpenSSL 0x009080bf MD5 (/usr/bin/ssh) = 39d889822b743a86ab150e12692c85b7 Has anyone seen the file /etc/ssh/.sshd_auth before? Cheers -- Regards Nick Knight
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=eaYSFJygru1NBqkNTBoC=2oKLuDJ1XGkMpEsC>