Web Hosting Talk

SSHD Reinstall


The Broadband Man
08-20-2004, 03:36 AM
Is it possible to reinstall sshd w/o an OS restore?

Steven
08-20-2004, 03:50 AM
Yes it is possible, however it's risky. Your best bet is to download rpms for it and install them over the old ones. Referring to your old post, if it's backdoored you don't know what the attacker did to the system besides it.

rusko
08-20-2004, 04:41 AM
easy. download the appropriate rpm, do an rpm -ivh --force on it. do *not* do rpm -e openssh, you will *lose* connectivity to the box as the uninstall scriptlet in the spec does a service sshd stop.

based on the info from your pm, the binary may be trojaned. in such a case, an os reinstall (the easy and certain way) or mounting the drive as a secondary in a different box and cleaning it are the best courses of action, in that order.

p

The Broadband Man
08-20-2004, 06:00 AM
Where do I find SSHD rpms for RH9.0 and FC 1 ?

The Broadband Man
08-20-2004, 06:02 AM
Also I ran rkhunter and no trojans etc were found - I had the luxury of doing an OS restore on one of the boxes and that did the trick but as I don't have the luxury for the downtime nor the funds at hand to do OS restores on 6 other boxes, SSHD reinstall would be best?

The Broadband Man
08-20-2004, 06:06 AM
[root@eagle home]# netstat -lpte
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 *:32768 *:* LISTEN rpcuser 2893 3139/
tcp 0 0 localhost.localdo:32769 *:* LISTEN root 3257 3258/xinetd
tcp 0 0 *:sunrpc *:* LISTEN root 2812 3120/
tcp 0 0 *:ftp *:* LISTEN nobody 13111573 4396/
tcp 0 0 *:ssh *:* LISTEN root 6962212 17348/Ô[@@¾
@
tcp 0 0 localhost.localdom:smtp *:* LISTEN root 3308 3277/

I've done other tests and this seems to be the only active problem
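
The listing in the post above shows the ssh listener with a process name made of non-ASCII characters that wraps onto a second line. As an added example (not part of the original thread), this Python sketch parses `netstat -lpte` output and flags listeners whose program name is empty or contains control or non-ASCII characters. The sample input is constructed from that listing, and the daemon names filled in for the other rows are assumptions.

```python
import re

# One row of `netstat -lpte`; the state column is optional (empty for UDP).
ROW = re.compile(
    r"^(?:tcp|udp)\S*\s+\d+\s+\d+\s+(\S+)\s+\S+\s+(?:LISTEN\s+)?"
    r"(\S+)\s+\d+\s+(\d+|-)(?:/(.*))?$"
)

def parse_listeners(text):
    """Return one dict per listener, re-joining rows split by a raw newline."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.rstrip())
        if m:
            local, user, pid, name = m.groups()
            rows.append({"local": local, "user": user, "pid": pid, "name": name or ""})
        elif rows and line.strip():
            # Not a netstat row: a control character inside the previous
            # process name wrapped the line, so keep it as part of that name.
            rows[-1]["name"] += "\n" + line
    return rows

def classify(name):
    if not name:
        return "unresolved"          # netstat showed no program name
    if any(not 0x20 <= ord(c) <= 0x7E for c in name):
        return "non-printable"       # control or non-ASCII characters
    return "ok"

def suspicious_listeners(text):
    return [(r["local"], r["pid"], classify(r["name"]))
            for r in parse_listeners(text) if classify(r["name"]) != "ok"]

# Constructed sample modelled on the listing above (daemon names are assumed).
SAMPLE = (
    "Active Internet connections (only servers)\n"
    "Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name\n"
    "tcp 0 0 *:32768 *:* LISTEN rpcuser 2893 3139/rpc.statd\n"
    "tcp 0 0 *:ftp *:* LISTEN nobody 13111573 4396/\n"
    "tcp 0 0 *:ssh *:* LISTEN root 6962212 17348/\u00d4[@@\u00be\n"
    "@\n"
    "tcp 0 0 localhost.localdom:smtp *:* LISTEN root 3308 3277/sendmail: accep\n"
)

if __name__ == "__main__":
    for local, pid, verdict in suspicious_listeners(SAMPLE):
        print(f"{local:10} pid={pid:6} {verdict}")
```

A flagged row is a prompt to inspect the binary from trusted media, as rusko suggests; a clean listing proves nothing if netstat itself has been replaced.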

The Broadband Man
08-20-2004, 07:01 AM
openssh-3.5p1-11.i386.rpm - is that the rpm i need?

The Broadband Man
08-20-2004, 07:09 AM
or openssh-server-3.5p1-11.i386.rpm ?

The Broadband Man
08-20-2004, 07:11 AM
error: Failed dependencies:
libcom_err.so.3 is needed by openssh-3.5p1-11
libcom_err.so.3 is needed by openssh-server-3.5p1-11

i got this on 1 server - qu'est-ce que c'est? lol

The Broadband Man
08-20-2004, 07:28 AM
got the kr5-lib - and now things seem to be back to normal - rack911 - can i still hire you to look at all my boxes?