[SunHELP] SSH Server Operations
Dale Ghent
daleg at elemental.org
Thu Aug 19 08:36:23 CDT 2004
On Aug 19, 2004, at 9:28 AM, Vermette, Matt Spawar (723) wrote:
> Good morning,
>
> I have secured my Solars 9 12/03 database server well and have
> disallowed console entries by removing the "co" entry in the
> /etc/inittab
Wow, that's pretty unorthodox... and unsafe. Wouldn't you think that if
an unauthorized someone were able to get on your server's console, you
have bigger problems on your hands? Besides, any failed login attempts
from the console are happily logged by the system. I would wager that
it'll take more than one try for an intruder on the console to guess
the password.
> I have also secured my SSH Server daemon by allowing MaxConnections 2.
Why bother limiting connections at all? I don't see the utility behind
that.
> The delima I have is this:
>
> I attempt to login to the db server utilizing ssh and I get an error
> telling me "Too many connections". Apparently, I have two dirty
> logouts on the system that is disallowing me to connect.
Good job, sailor. You just "secured" even yourself out of your own
server and since you killed the console, you have no way to log in.
> I could do a "ctrl break" at the console to access the "ok" prompt but
> I would like to reserve that option for a rainy day.
>
> Any suggestions would be helpful.
Well, since you can't log in, you CAN'T log in. Your only recourse is
to pop in a Solaris boot CD, break to the ok prompt, and boot into
single user mode from the CD, then mount your root file system, and
undo the edits you made.
/dale
More information about the SunHELP
mailing list