[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Authentication breakdown

On Tue, Apr 7, 2015 at 10:02 AM, francis picabia <fpicabia@gmail.com> wrote:
> I'm having a perplexing problem around authentication on my home system.
> It has been running 32 bit Debian for years, and up to date with Debian 7.
> Nothing new had been installed or configured for months, only
> aptitude update and aptitude safe-upgrade.
> This morning, checking email, I found thunderbird could not login to dovecot.
> Restarted dovecot and no difference.
> SSH login failed from two different systems.
> I checked that the firewall on Linux was off.
> I checked last reports and there was no unusual access.
> Tested with chkrootkit and nothing came up.
> This system is normally protected by unusual ssh port
> plus denyhosts against brute force login.
> nsswitch.conf had compat for passwd, group and shadow,
> and I switched it to "files", with no difference.  Nothing
> seemed odd under /etc/pam.d with the common-* files.
> Console login as my user or as root failed.
> dmesg didn't report anything unusual happened.
> Tried a passwd refresh to a new password.  That required
> entering my existing password, and entering the existing
> password worked.  However it wouldn't allow ssh or console
> login with the changed password.  I changed it back
> to the usual password, and again, it accepted the
> old password when prompted.
> Eventually I was locked out when the screen save came on
> after leaving it alone for awhile.  I rebooted, and the system still
> has this wacky behaviour.  In addition, the gdm screen
> does not come up - displaying only an hourglass.
> VT consoles do come up after reboot, but again,
> console login as myself or root are failing,
> and ssh login from remote as myself is failing.
> I've never seen something like this fail before unless I had
> been messing around with pam configuration files.  I'm currently
> unable to get into the system so I'll be getting a rescue CD
> set up to use later today.
> Anyone have suggestions on what could have happened?

Working on this some more...

On a single user login I can login as root, but not once it starts
services.  I've attempted to trim back inits, but so far no difference
once it comes up after single user mode.

In single user mode I can run debsums -cs and it doesn't discover
anything corrupted other than something I know about, like flashplayer.
/etc/inittab has the expected getty services, and lsattr doesn't
show anything odd about /sbin/getty.

I'd like to see something that describes the bare minimum to get
Debian to boot multiuser - looking at rcconf there are several I'm
not sure I can do without.  It is a system that has come from Debian 5
to 6 to 7 so there are possibly left overs.  But again, this is nothing
new and has not impacted anything before.  The system had been
rebooted about a month before.

Reply to: