SSH: Unknown option -t

Apr 2, 2008

Unable to establish an SSH connection to a server, I had to log in locally. I attempted to restart the ssh service but was presented with:

sshd: OpenSSH_4.3p2 on i686-pc-linux-gnu

Unknown option -t

The -t option is to test the configuration, and should exist as stated in the man page.

Still not 100% sure as to the cause, but this error is on a compromised server on which we found a phishing site and other malicious things. This could well be a backdoor for the hacker to return.

Upgrading/reinstalling the ssh package fixed the problem.

However, due to other possible backdoors and for security reasons, the operating system was reinstalled.

This may not be the only solution, but in this case it was hard to tell if there were any other backdoors, so it seemed the best solution. I have kept the dodgy sshd binary to compare to a fresh version to see if there are any clues as to what happened:

Real sshd is 348K in size and has an MD5 of 72c4319a64648ecc0cd64db235c23de9
Dodgy sshd is 2.3M in size and has an MD5 of b3fb29e9360e839ceff6af75e11d5db2

Quite a difference in size, and as they are both meant to be the same version (4.3p2-9), this would suggest this is in fact a backdoor. I have also included the MD5s in case anyone finds them useful.
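The size and checksum comparison described above can be scripted for any suspect binary and a reference copy taken from a fresh package. This is an added example, not part of the original post: the function names and the sample files are constructed for illustration, and it assumes coreutils md5sum and sha256sum are available.

```shell
#!/bin/sh
# Added example: compare a suspect binary against a known-good reference copy.
# Run the tools from trusted media; utilities on a compromised host may be altered too.

# file_size FILE -> size in bytes (wc -c is portable; stat flags vary by platform)
file_size() { wc -c < "$1" | tr -d ' '; }

# file_digest ALGO FILE -> hex digest via coreutils md5sum / sha256sum
file_digest() { "${1}sum" < "$2" | awk '{print $1}'; }

# compare_binary SUSPECT REFERENCE
# Prints a report. Returns 0 if identical, 1 if they differ, 2 if a file is unreadable.
compare_binary() {
    cb_suspect=$1
    cb_reference=$2
    if [ ! -r "$cb_suspect" ] || [ ! -r "$cb_reference" ]; then
        echo "compare_binary: cannot read both files" >&2
        return 2
    fi
    for cb_f in "$cb_suspect" "$cb_reference"; do
        printf '%s\n  size:   %s bytes\n  md5:    %s\n  sha256: %s\n' \
            "$cb_f" "$(file_size "$cb_f")" \
            "$(file_digest md5 "$cb_f")" "$(file_digest sha256 "$cb_f")"
    done
    # SHA-256 decides the verdict; MD5 is printed only to match published values.
    if [ "$(file_digest sha256 "$cb_suspect")" = "$(file_digest sha256 "$cb_reference")" ]; then
        echo "verdict: identical"
        return 0
    fi
    cb_delta=$(( $(file_size "$cb_suspect") - $(file_size "$cb_reference") ))
    echo "verdict: DIFFERENT (size delta: ${cb_delta} bytes, suspect minus reference)"
    return 1
}

# Constructed sample files standing in for the two sshd binaries (not real binaries).
demo_dir=$(mktemp -d)
printf 'reference-sshd' > "$demo_dir/sshd.reference"
printf 'reference-sshd plus extra code' > "$demo_dir/sshd.suspect"
compare_binary "$demo_dir/sshd.suspect" "$demo_dir/sshd.reference" || echo "exit status: $?"
rm -rf "$demo_dir"
```

The reference copy should be extracted from a package obtained on a separate, trusted machine rather than from the affected server's own package cache.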

Viewing the content of the files isn't much help as it's a binary. Decompiling and comparing could be useful, but that is not something I am familiar with.

I could not find any reference to this error on the net!