After the latest updates, and restoring the /etc/pam.d/login and /etc/pam.d/passwd files to the originals, I got this
Mar 14 16:30:25 chromium sshd[27831]: input_userauth_request: illegal user root Mar 13 16:30:25 chromium sshd[27831]: PAM unable to dlopen(/lib/security/pam_unix.so) Mar 13 16:30:25 chromium sshd[27831]: PAM [dlerror: /lib/libc.so.6: version `GLIBC_2.3' not found (required by /lib/security/pam_unix.so)] Mar 13 16:30:25 chromium sshd[27831]: PAM adding faulty module: /lib/security/pam_unix.so Mar 13 16:30:25 chromium sshd[27831]: Could not reverse map address 207.177.51.238. Mar 13 16:30:25 chromium sshd[27831]: Failed none for illegal user root from 207.177.51.238 port 53278 ssh2 Mar 13 16:30:25 chromium sshd[27831]: Failed keyboard-interactive for illegal user root from 207.177.51.238 port 53278 ssh2 Mar 13 16:31:10 chromium sshd[27831]: Failed password for illegal user root from 207.177.51.238 port 53278 ssh2 Mar 13 16:31:43 chromium last message repeated 2 times Mar 13 16:31:43 chromium sshd[27831]: Connection closed by 207.177.51.238
/etc/passwd has root as the first entry.
moreover, the failed password message happens when I'm prompted for my password, NOT after I type in the password and hit the <Enter> key.
Fortunately, everything started working after a '/etc/init.d/ssh restart'.
Needless to say, I was a touch freaked out ... This is on a server that I've got a very large investment in.
I was afraid of being forever locked out of that box, a major distaster.
WTH happened here?
-- Christopher L. Everett Chief Technology Officer The Medical Banner Exchange Physicians Employment on the Internet
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
