My sshd binary on an ubuntu 10.10 machine contains the following ascii artwork:
ng: %.100sToo many lines in environment file %sUser %.100s not allowed because %s exists YOU WANNA .
SMOKE M A SPLIFF ?
dM
ROLL ME MMr %d TIMES
4MMML .
MMMMM. xf
. MMMMM .MM-
Mh.. MMMMMM .MMMM
.MMM. .MMMMML. MMMMMh
)MMMh. MMMMMM MMMMMMM
3MMMMx. MMMMMMf xnMMMMMM
'*MMMMM MMMMMM. nMMMMMMP
*MMMMMx MMMMM .MMMMMMM=
*MMMMMh MMMMM JMMMMMMP
MMMMMM 3MMMM. dMMMMMM .
MMMMMM MMMM .MMMMM .nnMP
.. *MMMMx MMM dMMMM .nnMMMMM*
MMn... 'MMMMr 'MM MMM .nMMMMMMM*
4MMMMnn.. *MMM MM MMP .dMMMMMMM
MMMMMMMx. *ML M .M* .MMMMMM**
*PMMMMMMhn. *x > M .MMMM**
**MMMMhx/.h/ .=*
.3P %....
nP *MMnx
I'm assuming that this means that my machine has been hacked. Can anyone confirm this? I can't imagine this being a valid file.
Best Answer
compare
grep usr/sbin/sshd /var/lib/dpkg/info/openssh-server.md5sumstomd5sum /usr/sbin/sshd. When they come up with different md5sums, you are no longer using the packaged version. If they are the same, it doesn't mean anything definitive, since anyone who is able to modify your sshd binary obviously has privileges to alter the md5sum recorded in /var/lib/dpkg/info. The next step would be to download the package with the same version from http://packages.ubuntu.com/openssh-server to a trusted computer and check the md5sum there.