i cannot connect to my server via ssh, it throws me a "server unexpectedly closed connection" after entering the password.
in var/log/messages
the only noteable message is:
Apr 14 17:41:23 s15410270 kernel: sshd[3602]: segfault at c0 ip 7f0801acbdb0 sp 7fff0adff860 error 4 in libc-2.8.so[7f0801a87000+14f000]
Apr 14 17:41:29 s15410270 kernel: sshd[3606]: segfault at c0 ip 7f75f9463db0 sp 7fff027971f0 error 4 in libc-2.8.so[7f75f941f000+14f000]
This message appears after a log in attempt via ssh or via sftp
Its a SuSE Linux server.
I'm looking for help where to start to search for the error, i can still act as root via a serial console.
edit: "server unexpectedly closed connection" only appears if i enter the correct password!
Best Answer
Check to make sure you weren't compromised. Run an rpm verify on your ssh daemon... You may also want to get a tool like
chkrootkit
installed and running.rpm -vV openssh | grep 'S\.5'
should work for SuSE. Post the output.Also see the details posted in: sshd running but no PID file