Passwords don't work anywhere, SSH pubkey does. PAM problem?
mellowcellofellow at gmail.com
Mon Jun 7 02:44:33 UTC 2010
Excerpts from Joshua Gardner's message of Sun Jun 06 19:09:13 -0600 2010:
> Excerpts from J's message of Sun Jun 06 16:59:38 -0600 2010:
> > On Sun, Jun 6, 2010 at 16:58, NoOp <glgxg at sbcglobal.net> wrote:
> > > On 06/06/2010 11:29 AM, Joshua Gardner wrote:
> > >> Well, that didn't work. Any other ideas?
> > >
> > > Check:
> > > $ cat /var/log/auth.log
> > > to see if you can find any glaring hints there.
> > And take a look at /etc/passwd too. IIRC, switching someone's shell
> > to something other than one of he shells will give results like that,
> > HOWEVER, that should also prevent you from being able to SSH in and
> > get a shell as well, but it's still worth looking at.
> > I'm wondering if your server wasn't compromised...
> Well, it's not the shell. Still definitely /bin/bash. That wouldn't
> have screwed up Citadel, anyway.
> I've been wondering if it was compromised too, but how would I tell?
> Should I just backup and reinstall?
I had someone look at it over SSH and it appears that either a
corruption or a compromise has damaged all of my PAM libraries; they
don't pass a sha1sum test. I'm just going to reinstall.
A man who carries a cat by its tail learns something he can learn
in no other way.
More information about the ubuntu-users