I think I fixed it by commenting one of the following options:
;ConnectRetry = 60 ;IdleTimeout = 60 ;PingTimeout = 120 ;PongTimeout = 20 ;RequireAuthPing = yes
At least connections are now stable and Ngircd does not shutdown itself anymore.
Do you know which option could have caused the automatic shutdown of Ngircd?
Kind regards,
Michiel
On 03/29/2014 12:37 PM, Michiel van Es wrote:
Hello,
I am running Ngircd 21 on CentOS 6.5 64 bit. I compiled Ngircd from source with OpenSSL and PAM to provide the CIA triad (Confidentiality, Integrity and Authentication). I store my passwords with htpassword with crypt and a salt (crypt() alone is not safe enough).
I have noticed that my Ngircd daemon shuts down whenever a client or an ip makes a connection to my port and sends a bogus SSL handshake:
Mar 29 03:42:06 mail ngircd[29098]: Accepted connection 8 from "222.151.83.101:6728" on socket 7. Mar 29 03:42:06 mail ngircd[29098]: SSL protocol error: SSL_accept (error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) Mar 29 03:42:06 mail ngircd[29098]: Shutting down connection 8 (SSL accept error, closing socket) with "222.151.83.101:6728" ... Mar 29 03:42:06 mail ngircd[29098]: Client unregistered (connection 8): SSL accept error, closing socket. Mar 29 03:42:06 mail ngircd[29098]: Connection 8 with "222.151.83.101:6728" closed (in: 0.0k, out: 0.0k). Mar 29 03:43:06 mail ngircd[29098]: Server going down NOW! Mar 29 03:43:06 mail ngircd[29098]: Shutting down all listening sockets (1 total) ... Mar 29 03:43:06 mail ngircd[29098]: ngIRCd done, served 1 connection.
I automatically restart the Ngircd daemon with a check script but directly after it gets hit again:
Mar 29 03:44:01 mail ngircd[29168]: ngIRCd 21-IRCPLUS+PAM+SSL+SYSLOG+ZLIB-x86_64/unknown/linux-gnu started. Mar 29 03:44:01 mail ngircd[29168]: Using configuration file "/usr/local/etc/ngircd.conf" ... Mar 29 03:44:01 mail ngircd[29168]: Configuration option "DHFile" not set! Mar 29 03:44:01 mail ngircd[29168]: OpenSSL 1.0.1e-fips 11 Feb 2013 initialized. Mar 29 03:44:01 mail ngircd[29169]: Running as user ngircd(494), group ngircd(495), with PID 29169. Mar 29 03:44:01 mail ngircd[29169]: Not running with changed root directory. Mar 29 03:44:01 mail ngircd[29169]: IO subsystem: epoll (hint size 100, initial maxfd 100, masterfd 4). Mar 29 03:44:01 mail ngircd[29169]: Created pre-defined channel "#pragmasec". Mar 29 03:44:01 mail ngircd[29169]: Created pre-defined channel "#prive". Mar 29 03:44:01 mail ngircd[29169]: Now listening on [0.0.0.0]:6667 (socket 7). Mar 29 03:44:23 mail ngircd[29169]: Accepted connection 8 from "222.151.83.101:62835" on socket 7. Mar 29 03:44:23 mail ngircd[29169]: SSL protocol error: SSL_accept (error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) Mar 29 03:44:23 mail ngircd[29169]: Shutting down connection 8 (SSL accept error, closing socket) with "222.151.83.101:62835" ... Mar 29 03:44:23 mail ngircd[29169]: Client unregistered (connection 8): SSL accept error, closing socket. Mar 29 03:44:23 mail ngircd[29169]: Connection 8 with "222.151.83.101:62835" closed (in: 0.0k, out: 0.0k). Mar 29 03:45:23 mail ngircd[29169]: Server going down NOW! Mar 29 03:45:23 mail ngircd[29169]: Shutting down all listening sockets (1 total) ... Mar 29 03:45:23 mail ngircd[29169]: ngIRCd done, served 1 connection.
This continues all during the night and I notice that the connection is coming from Japan (if the IP is not spoofed or a Tor endpoint):
[user@mail ~]$ host 222.151.83.101 101.83.151.222.in-addr.arpa domain name pointer 222-151-083-101.jp.fiberbit.net.
I can offcourse block the ip but it seems Ngircd can not withstand the strange SSL connection from the client and shuts itself down.
My config is here: http://www.pragmasec.nl/ngircd.txt (its also a manual how to setup Ngircd + SSL + PAM with hashed+salted passwords - something I think a lot of users are looking for who are wanting PAM auth)
How can I fix this? Is it Ngircd related or related to my config?
THanks for any tips or help.
Regards,
Michiel _______________________________________________
ngIRCd Mailing List: ngIRCd-ML@arthur.barton.de http://arthur.barton.de/mailman/listinfo/ngircd-ml