[SunHELP] SSH Server Operations

Dale Ghent daleg at elemental.org
Thu Aug 19 08:36:23 CDT 2004

On Aug 19, 2004, at 9:28 AM, Vermette, Matt Spawar (723) wrote:

> Good morning,
> I have secured my Solars 9 12/03 database server well and have 
> disallowed console entries by removing the "co" entry in the 
> /etc/inittab

Wow, that's pretty unorthodox... and unsafe. Wouldn't you think that if 
an unauthorized someone were able to get on your server's console, you 
have bigger problems on your hands? Besides, any failed login attempts 
from the console are happily logged by the system.  I would wager that 
it'll take more than one try for an intruder on the console to guess 
the password.

> I have also secured my SSH Server daemon by allowing MaxConnections 2.

Why bother limiting connections at all? I don't see the utility behind 

> The delima I have is this:
> I attempt to login to the db server utilizing ssh and I get an error 
> telling me "Too many connections".  Apparently, I have two dirty 
> logouts on the system that is disallowing me to connect.

Good job, sailor. You just "secured" even yourself out of your own 
server and since you killed the console, you have no way to log in.

> I could do a "ctrl break" at the console to access the "ok" prompt but 
> I would like to reserve that option for a rainy day.
> Any suggestions would be helpful.

Well, since you can't log in, you CAN'T log in. Your only recourse is 
to pop in a Solaris boot CD, break to the ok prompt, and boot into 
single user mode from the CD, then mount your root file system, and 
undo the edits you made.


More information about the SunHELP mailing list