[root@fish /root]# ps alxwf F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 100 0 1 0 8 0 1368 544 do_sel S ? 0:03 init [3] 040 0 2 1 9 0 0 0 contex SW ? 0:00 [keventd] 040 0 3 1 9 0 0 0 apm_ma SW ? 0:00 [kapm-idled] 040 0 4 1 10 0 0 0 kswapd SW ? 0:00 [kswapd] 040 0 5 1 9 0 0 0 krecla SW ? 0:00 [kreclaimd] 040 0 6 1 9 0 0 0 bdflus SW ? 0:00 [bdflush] 040 0 7 1 9 0 0 0 kupdat SW ? 0:00 [kupdated] 040 0 8 1 -1 -20 0 0 md_thr SW< ? 0:00 [mdrecoveryd] 040 0 73 1 9 0 0 0 end SW ? 0:00 [khubd] 140 32 471 1 9 0 1512 596 do_pol S ? 0:00 portmap 140 29 486 1 9 0 1564 776 do_sel S ? 0:00 rpc.statd 140 0 570 1 8 0 1352 532 do_sel S ? 0:00 /usr/sbin/apmd -p 10 -w 5 -W -P /etc/sysconfig/apm-scripts/apmscript 040 0 619 1 9 0 1480 648 pipe_w S ? 0:00 /usr/sbin/automount --timeout 60 /misc file /etc/auto.misc 040 2 631 1 9 0 1400 584 nanosl S ? 0:00 /usr/sbin/atd 140 0 678 1 9 0 2240 976 do_sel S ? 0:00 xinetd -stayalive -reuse -pidfile /var/run/xinetd.pid 100 0 773 678 9 0 1716 832 do_sel S ? 0:00 \_ in.telnetd: ql.ensim.com 100 0 774 773 9 0 2404 1468 wait4 S pts/0 0:00 | \_ login -- build 100 500 777 774 9 0 2344 1320 read_c S pts/0 0:00 | \_ -bash 100 0 3796 678 9 0 1716 836 do_sel S ? 0:00 \_ in.telnetd: pmenage-dt.ensim.com 100 0 3797 3796 9 0 2408 1472 wait4 S pts/1 0:00 \_ login -- build 100 500 3798 3797 9 0 2336 1300 wait4 S pts/1 0:00 \_ -bash 000 0 3829 3798 9 0 2256 1032 wait4 S pts/1 0:00 \_ su - 100 0 3831 3829 13 0 2496 1472 wait4 S pts/1 0:00 \_ -bash 100 0 4044 3831 14 0 3000 1136 - R pts/1 0:00 \_ ps alxwf 140 0 705 1 9 0 5008 1936 do_sel S ? 0:00 sendmail: accepting connections 040 0 718 1 9 0 1396 496 do_sel S ? 0:00 gpm -t ps/2 -m /dev/mouse 040 0 730 1 9 0 1552 700 nanosl S ? 0:00 crond 040 0 3883 730 9 0 1564 732 pipe_w S ? 0:00 \_ CROND 100 0 3884 3883 8 0 1920 908 wait4 S ? 0:00 \_ /bin/bash /usr/bin/run-parts /etc/cron.hourly 000 0 3886 3884 9 0 1656 552 pipe_w S ? 0:00 \_ awk -v progname=/etc/cron.hourly/sysstat progname {????? print progname ":\n"????? 100 0 761 1 9 0 1340 436 read_c S tty1 0:00 /sbin/mingetty tty1 100 0 762 1 9 0 1340 436 read_c S tty2 0:00 /sbin/mingetty tty2 100 0 763 1 9 0 1340 436 read_c S tty3 0:00 /sbin/mingetty tty3 100 0 764 1 9 0 1340 436 read_c S tty4 0:00 /sbin/mingetty tty4 100 0 765 1 9 0 1340 436 read_c S tty5 0:00 /sbin/mingetty tty5 100 0 766 1 9 0 1340 436 read_c S tty6 0:00 /sbin/mingetty tty6 040 0 1009 1 8 0 2588 1144 do_sel S ? 0:00 /usr/sbin/sshd 140 0 1111 1009 8 0 3444 1880 do_sel S ? 0:00 \_ /usr/sbin/sshd 140 0 1158 1 9 0 1676 804 do_sel S ? 0:00 syslogd -m 0 040 0 1159 1 9 0 1340 388 do_pol S ? 0:00 minilogd 140 0 1164 1 9 0 2000 1088 do_sys S ? 0:00 klogd -2 040 0 3868 1 9 0 0 0 end SW pts/1 0:00 [rpciod] 040 0 3869 1 9 0 0 0 end SW pts/1 0:00 [lockd] 000 0 3887 1 9 0 1904 880 wait4 S ? 0:00 /bin/sh /usr/lib/sa/sa1 600 6 000 0 3889 3887 9 0 1352 512 pause S ? 0:00 \_ /usr/lib/sa/sadc 600 6 /var/log/sa/sa07 [root@fish /root]# strace -p 1111 select(8, [4 5], [], NULL, NULL [root@fish /root]# lsof -p 1111 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME sshd 1111 root cwd DIR 3,1 4096 2 / sshd 1111 root rtd DIR 3,1 4096 2 / sshd 1111 root txt REG 3,1 232412 979467 /usr/sbin/sshd sshd 1111 root mem REG 3,1 471781 130601 /lib/ld-2.2.2.so sshd 1111 root mem REG 3,1 10874 261339 /lib/security/pam_stack.so sshd 1111 root mem REG 3,1 35352 131194 /lib/libpam.so.0.74 sshd 1111 root mem REG 3,1 79024 130614 /lib/libdl-2.2.2.so sshd 1111 root mem REG 3,1 60112 359207 /usr/lib/libz.so.1.1.3 sshd 1111 root mem REG 3,1 445289 130619 /lib/libnsl-2.2.2.so sshd 1111 root mem REG 3,1 61451 130654 /lib/libutil-2.2.2.so sshd 1111 root mem REG 3,1 869430 359133 /usr/lib/libcrypto.so.0.9.6 sshd 1111 root mem REG 3,1 5634864 816020 /lib/i686/libc-2.2.2.so sshd 1111 root mem REG 3,1 275531 130635 /lib/libnss_files-2.2.2.so sshd 1111 root mem REG 3,1 6080 261332 /lib/security/pam_nologin.so sshd 1111 root mem REG 3,1 49973 261317 /lib/security/pam_console.so sshd 1111 root mem REG 3,1 5046 261319 /lib/security/pam_deny.so sshd 1111 root mem REG 3,1 173807 359110 /usr/lib/libglib-1.2.so.0.0.9 sshd 1111 root mem REG 3,1 13137 261320 /lib/security/pam_env.so sshd 1111 root mem REG 3,1 337384 130643 /lib/libnss_nisplus-2.2.2.so sshd 1111 root mem REG 3,1 88158 130632 /lib/libnss_dns-2.2.2.so sshd 1111 root mem REG 3,1 274054 130648 /lib/libresolv-2.2.2.so sshd 1111 root mem REG 3,1 46971 261343 /lib/security/pam_unix.so sshd 1111 root mem REG 3,1 13858 261326 /lib/security/pam_limits.so sshd 1111 root mem REG 3,1 95362 130612 /lib/libcrypt-2.2.2.so sshd 1111 root mem REG 3,1 14764 261318 /lib/security/pam_cracklib.so sshd 1111 root mem REG 3,1 70446 359100 /usr/lib/libcrack.so.2.7 sshd 1111 root 0u CHR 1,3 179590 /dev/null sshd 1111 root 1u CHR 1,3 179590 /dev/null sshd 1111 root 2u CHR 1,3 179590 /dev/null sshd 1111 root 4u sock 0,0 2176 can't identify protocol sshd 1111 root 5u unix 0xc4e195c0 2183 socket [root@fish /root]# grep 2176 /proc/net/tcp 6: 0310080A:4CB3 1910080A:10AB 01 00000000:00000000 02:00041272 00000000 0 0 2176 2 c521fa60 21 4 0 2 -1 [root@fish /root]# grep 2183 /proc/net/unix c4e195c0: 00000003 00000000 00000000 0001 03 2183 [root@fish /root]# gdb /usr/sbin/sshd 1111 GNU gdb 5.0rh-5 Red Hat Linux 7.1 Copyright 2001 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)... /root/1111: No such file or directory. Attaching to program: /usr/sbin/sshd, process 1111 Reading symbols from /lib/libpam.so.0...(no debugging symbols found)...done. Loaded symbols for /lib/libpam.so.0 Reading symbols from /lib/libdl.so.2...done. Loaded symbols for /lib/libdl.so.2 Reading symbols from /usr/lib/libz.so.1...done. Loaded symbols for /usr/lib/libz.so.1 Reading symbols from /lib/libnsl.so.1...done. Loaded symbols for /lib/libnsl.so.1 Reading symbols from /lib/libutil.so.1...done. Loaded symbols for /lib/libutil.so.1 Reading symbols from /usr/lib/libcrypto.so.1...done. Loaded symbols for /usr/lib/libcrypto.so.1 Reading symbols from /lib/i686/libc.so.6...done. Loaded symbols for /lib/i686/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /lib/libnss_files.so.2...done. Loaded symbols for /lib/libnss_files.so.2 Reading symbols from /lib/security/pam_stack.so...done. Loaded symbols for /lib/security/pam_stack.so Reading symbols from /lib/security/pam_nologin.so...done. Loaded symbols for /lib/security/pam_nologin.so Reading symbols from /lib/security/pam_console.so...done. Loaded symbols for /lib/security/pam_console.so Reading symbols from /usr/lib/libglib-1.2.so.0...done. Loaded symbols for /usr/lib/libglib-1.2.so.0 Reading symbols from /lib/security/pam_deny.so...done. Loaded symbols for /lib/security/pam_deny.so Reading symbols from /lib/libnss_nisplus.so.2...done. Loaded symbols for /lib/libnss_nisplus.so.2 Reading symbols from /lib/libnss_dns.so.2...done. Loaded symbols for /lib/libnss_dns.so.2 Reading symbols from /lib/libresolv.so.2...done. Loaded symbols for /lib/libresolv.so.2 Reading symbols from /lib/security/pam_env.so...done. Loaded symbols for /lib/security/pam_env.so Reading symbols from /lib/security/pam_unix.so...done. Loaded symbols for /lib/security/pam_unix.so Reading symbols from /lib/libcrypt.so.1...done. Loaded symbols for /lib/libcrypt.so.1 Reading symbols from /lib/security/pam_cracklib.so...done. Loaded symbols for /lib/security/pam_cracklib.so Reading symbols from /usr/lib/libcrack.so.2...done. Loaded symbols for /usr/lib/libcrack.so.2 Reading symbols from /lib/security/pam_limits.so...done. Loaded symbols for /lib/security/pam_limits.so 0x401ec90e in __select () from /lib/i686/libc.so.6 (gdb) bt #0 0x401ec90e in __select () from /lib/i686/libc.so.6 #1 0x00000000 in __strtol_internal (nptr=0xbffff284 "PŮ\t\b !\t\b\a", endptr=0xbffff288, base=-1073745268, group=0) (gdb) The program is running. Quit anyway (and detach it)? (y or n) y [root@fish /root]# rpm -qi openssh-server Name : openssh-server Relocations: (not relocateable) Version : 2.5.2p2 Vendor: Red Hat, Inc. Release : 5 Build Date: Sun 08 Apr 2001 04:10:17 PM PDT Install date: Thu 07 Jun 2001 02:56:53 PM PDT Build Host: porky.devel.redhat.com Group : System Environment/Daemons Source RPM: openssh-2.5.2p2-5.src.rpm Size : 277680 License: BSD Packager : Red Hat, Inc. URL : http://www.openssh.com/portable.html Summary : OpenSSH Secure Shell protocol server (sshd) Description : Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package contains the secure shell daemon. The sshd is the server part of the secure shell protocol and allows ssh clients to connect to your host. [root@fish /root]# rpm -qi openssh Name : openssh Relocations: (not relocateable) Version : 2.5.2p2 Vendor: Red Hat, Inc. Release : 5 Build Date: Sun 08 Apr 2001 04:10:17 PM PDT Install date: Thu 07 Jun 2001 02:56:14 PM PDT Build Host: porky.devel.redhat.com Group : Applications/Internet Source RPM: openssh-2.5.2p2-5.src.rpm Size : 425766 License: BSD Packager : Red Hat, Inc. URL : http://www.openssh.com/portable.html Summary : OpenSSH free Secure Shell (SSH) implementation Description : Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.