Re: [cobalt-security] SSH access when off at GUI ??

[David Lucas <david@xxxxxxxxxxxxxxxx>]

At 10:49 PM 8/29/2001, you wrote:
> Hi yah again,
>
> Another question :>
>
> With Telnet/Shell deactivated from GUI I noticed this in my logs this
> afternoon...has this been an attempt to access via ssh or has the user
> actually managed to get in as it has accepted a password?? The account has
> now been suspended but curious as to how he can manage when GUI telnet/shell
> is deactivated  (xxx.xxx.xxx.xxx denotes our IP)
>
> Aug 29 09:27:57 ns sshd[16229]: PAM pam_set_item: NULL pam handle passed
> Aug 29 09:28:16 ns sshd[16229]: PAM pam_set_item: NULL pam handle passed
> Aug 29 09:28:16 ns sshd[16229]: Failed password for illegal user Cameron
> Hart from 172.189.130.184 port 1732
> Aug 29 09:28:16 ns sshd[16229]: Connection closed by 172.189.130.184
> Aug 29 09:28:45 ns sshd[16250]: Accepted password for cameron from
> 172.189.130.184 port 1734
> Aug 29 09:28:46 ns PAM_pwdb[16250]: (sshd) session opened for user cameron
> by (uid=0)
> Aug 29 09:28:46 ns PAM_pwdb[16250]: (sshd) session closed for user cameron
> Last login: Wed Aug 29 09:28:46 2001 from acbd82b8.ipt.aol.com  <---- from
> ssh logs
> Aug 29 10:00:33 ns proftpd[16290]: xxx.xxx.xxx.xxx
> (ACBD82B8.ipt.aol.com[172.189.130.184]) - FTP no transfer timeout,
> disconnected.
>
> Regards
>
> Chae

There is no ssh in the GUI, there is ssl and they are two different 
things.  SSH is installed by someone on the machine and it was not a 
program put there by Cobalt.  Yes you can download it from Cobalt and you 
probably need to update it.  ssh basically lets you do the same things as 
with telnet, but with a secure login.  Please correct me where I am mistaken.