On 22 Nov 2004, at 10:24, Louis Poncet wrote:

> Can you check if you gave or not the option (safemode for auth) in
> redhat73-cfg.h :
>
> auth.safemode                     yes

No, it looks like my redhat73-cfg doesn't have that line. Do I need to
add??
>
> What is the problem order :

that WN was fine with no connection proble>>>then our computer services
reported the "probing from that WN" incident on last Saturday>>>I asked
somebody just to disconnect that WN from the network>>>and this morning
I can't connect that WN, even on the terminal.

The I tried changing the password file oh LCFG - it worked for every
other WNs, except that one.

Santanu

>
> You can connect with no problem  >>> then day after you can not anymore
> >>> try to change the password (and still not able to connect)
> OR
> You can connect with no problem  >>>  try to change the password >>
> then cannot connect anymore.
>
> Lp
>
>
> On 22 nov. 04, at 11:07, Santanu Das wrote:
>
>> Hi,
>>
>> We are suspecting that one of our WNs may have been compromised by a
>> wide-scale ssh probe on Sat from a Taiwanese host, 192.192.73.5 and as
>> a result, now I can't log in as root on that WN. I changed the
>> password-cfg.h on LCFG and remake the profile for that particular node
>> but still I can't use that new password on that WN. I don't want to
>> reboot that WN just now. Does anyone know, how that "change of
>> password"  works between LCFG and the WN? Or any idea how can I change
>> the password on that compromised WN so that I can log in without
>> rebooting the node?
>>
>> Thanks,
>> Santanu
>>
> --
> Louis Poncet
> Where: Bat28-R-003 CERN
> CH-1211 Geneve 23
> Mail : [log in to unmask]
> Phone: +41(0)227.674.231
> LAL / IN2P3 / CNRS / CERN