Recent PAM Upgrade
After the latest updates, and restoring the /etc/pam.d/login and /etc/pam.d/passwd
files to the originals, I got this
Mar 14 16:30:25 chromium sshd[27831]: input_userauth_request: illegal user root
Mar 13 16:30:25 chromium sshd[27831]: PAM unable to dlopen(/lib/security/pam_unix.so)
Mar 13 16:30:25 chromium sshd[27831]: PAM [dlerror: /lib/libc.so.6: version `GLIBC_2.3' not found (required by /lib/security/pam_unix.so)]
Mar 13 16:30:25 chromium sshd[27831]: PAM adding faulty module: /lib/security/pam_unix.so
Mar 13 16:30:25 chromium sshd[27831]: Could not reverse map address 207.177.51.238.
Mar 13 16:30:25 chromium sshd[27831]: Failed none for illegal user root from 207.177.51.238 port 53278 ssh2
Mar 13 16:30:25 chromium sshd[27831]: Failed keyboard-interactive for illegal user root from 207.177.51.238 port 53278 ssh2
Mar 13 16:31:10 chromium sshd[27831]: Failed password for illegal user root from 207.177.51.238 port 53278 ssh2
Mar 13 16:31:43 chromium last message repeated 2 times
Mar 13 16:31:43 chromium sshd[27831]: Connection closed by 207.177.51.238
/etc/passwd has root as the first entry.
moreover, the failed password message happens when I'm prompted for my password, NOT after I
type in the password and hit the <Enter> key.
Fortunately, everything started working after a '/etc/init.d/ssh restart'.
Needless to say, I was a touch freaked out ... This is on a server that I've
got a very large investment in.
I was afraid of being forever locked out of that box, a major distaster.
WTH happened here?
--
Christopher L. Everett
Chief Technology Officer
The Medical Banner Exchange
Physicians Employment on the Internet
Reply to: