I have a VPS at openbsd amsterdam that shutdown with the message that _unbound
shut it down when it was my user OR root.
sky# zgrep unbound /var/log/authlog*gz
/var/log/authlog.0.gz:Nov 26 08:59:04 sky shutdown: reboot by _unbound:
It was recorded in the logs as such. I haven't totally figured this out yet
but the services that are open on this host are:
DNS
HTTP
SMTP
SSH
Today I tried several things to get this message again but failed. It must
have come from an outside source that did the setlogin(). At first I thought
it came from unbound like the message says but now I'm leaning more toward
ssh.
sky# grep -v ^# sshd_config | grep -v ^$
Port 1022
PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
Subsystem sftp /usr/libexec/sftp-server
I read a bit in the ssh source and it indeed does some libc calls that
eventually end up in a setlogin() but I haven't got a clue on this program
how it is structured.
All I can ask, has anyone seen this before? I'm reinstalling the host tomorrow.Interesting to note I have password authentication turned off.
Best Regards,
-peter
No comments:
Post a Comment