On Sun, Apr 16, 2006 at 11:42:00AM -0400, Justin Pryzby wrote: > What about strace without -f? I just tested with strace -o /dev/null sh, and > I > am still able to run sudo. It isn't clear to me whether this will catch the > problem; it depends on the server crashing (you said it did, no?) and sshd not > forking before it tries to read urandom.
I restarted it without -f, and sshd stayed up for about 6 days. Unfortunately when I look at the log file its mtime is about 6 days ago.. so I doubt very much it has anything useful in it. I'll look into running another sshd on a higher port for my own needs and strace one on port 22. The dictionary attacks should still trigger this eventually. Cheers, Andy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
