Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

lots of "Postponed publickey for oracle from <IP>"

from [Russell Fulton] Network Security [Permanent Link]
Subject: lots of "Postponed publickey for oracle from <IP>"
Date: Wed, 03 Oct 2007 14:30:02 +1300 
HI

In the sshd logs of our oracle cluster machines (which are running RHE
linux we are seeing a Postponed record before every Accepted record. 
This happens for automated 'checks' that the machines do about once
every 10 seconds and also for manual logins.

There are two machines involved which do frequent ssh logins from the
oracle accound of one to the oracle account of the other (and vise versa).

The set up in ~oracle/.ssh looks fine on both machines, all files are
owned and readable by oracle.  Each machine has the appropriate key in
its authorized_keys file and it all works fine except for the
'Postponed' messages in the log file.

I have tried to replicate the scenario on an other pair of machines but
can not reproduce the messages (I can not fiddle on our main production
database system ;)

I have done some hours research on the web around this and have also
posted to another security list where there are plenty of clueful people.

I have found several people asking the same question but no answers.

My own research suggests that there is some sort of asynchronous check
happening in sshd that is related to the keys and if a response is slow
then the whole process is started again and the postponed message is
written.  Googling on the message returns several sets of ssh debug
output which show the postponed messages.  They also show sshd repeating
the authentication process....

This isn't a huge issue but I don't like key systems like our database
servers generating log messages that I don't understand!

Russell.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • lots of "Postponed publickey for oracle from <IP>", Russell Fulton <=
Previous by Date:  Re: ssh without encryption (authentication only)?, Val Baranov
Next by Date:  Re: ssh restrictions (/etc/ssh_config), Martin Simovic
Previous by Thread:  Re: ssh without encryption (authentication only)?, Val Baranov
Next by Thread:  Re: ssh restrictions (/etc/ssh_config), Martin Simovic
Indexes:  [Date] [Thread] [Top] [All Lists]