Date: Mon, 21 Apr 2003 14:53:28 +0300 From: "Toomas Aas" <toomas.aas@raad.tartu.ee> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re: sshd: buffer_get trying to get more bytes than in buffer Message-ID: <200304211154.h3LBs3107112@lv.raad.tartu.ee> In-Reply-To: <20030421102316.GB30592@happy-idiot-talk.infracaninophi> References: <200304210820.h3L8KhC30223@lv.raad.tartu.ee>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! Matthew Seaman wrote: > On Mon, Apr 21, 2003 at 11:20:21AM +0300, Toomas Aas wrote: > > I've noticed that one of my users logging in via ssh from one particular IP > > always causes this message to appear in auth.log: > > > > Apr 20 15:43:18 heerold sshd[18766]: fatal: buffer_get: trying to get more bytes 4 than in buffer 0 > > > > The same user logs in from several different IP-s and the message only > > appears when he logs in from one particular IP. This leads me to believe > > that it might be just a quirk in the SSH client software he uses on this > > particular PC, but I just wanted to confirm that it's not actually an > > indication of Something Evil in progress. > > http://www.securityfocus.com/archive/121/261925/2002-03-08/2002-03-14/2 > > Looks like damage to the user's authorized_keys file: In this case it seems to be something else, because this user doesn't even have authorized_keys (nor authorized_keys2) files in ~/.ssh But thanks anyway. -- Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ * I spilled spot remover on my dog. Now he's gone.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200304211154.h3LBs3107112>