remove biblioteca compartilhada do sshd [duplicado]

mv /lib64/libkeyutils.so.1.9 /root
service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: /usr/sbin/sshd: error while loading shared libraries: libkeyutils.so.1: cannot open shared object file: No such file or directory
                                                           [FAILED]

Como posso removê-lo do SSHD?

Precisa corrigir isso: link

REF sobre este exploit agora que eu ouvi sobre isso: link

They are not logging in with root, nor are they even spawning a bash process. If the lib is moved out, and sshd is restarted they cannot login anymore fwiw.

The key is finding out how they are getting in. Fully upgraded, ssh key restricted sshd, on non-standard ports are being compromised. None of my customers are, but I have been getting alot of sales inquiries with this issue so I don't know the full history of the machines.

[/lib64]# rpm -vV openssh
.........    /etc/ssh
.........  c /etc/ssh/moduli
.........    /usr/bin/ssh-keygen
.........    /usr/libexec/openssh
.........    /usr/libexec/openssh/ssh-keysign
.........    /usr/share/doc/openssh-5.3p1
.........  d /usr/share/doc/openssh-5.3p1/CREDITS
.........  d /usr/share/doc/openssh-5.3p1/ChangeLog
.........  d /usr/share/doc/openssh-5.3p1/INSTALL
.........  d /usr/share/doc/openssh-5.3p1/LICENCE
.........  d /usr/share/doc/openssh-5.3p1/OVERVIEW
.........  d /usr/share/doc/openssh-5.3p1/PROTOCOL
.........  d /usr/share/doc/openssh-5.3p1/PROTOCOL.agent
.........  d /usr/share/doc/openssh-5.3p1/README
.........  d /usr/share/doc/openssh-5.3p1/README.dns
.........  d /usr/share/doc/openssh-5.3p1/README.nss
.........  d /usr/share/doc/openssh-5.3p1/README.platform
.........  d /usr/share/doc/openssh-5.3p1/README.privsep
.........  d /usr/share/doc/openssh-5.3p1/README.smartcard
.........  d /usr/share/doc/openssh-5.3p1/README.tun
.........  d /usr/share/doc/openssh-5.3p1/TODO
.........  d /usr/share/doc/openssh-5.3p1/WARNING.RNG
.........  d /usr/share/man/man1/ssh-keygen.1.gz
.........  d /usr/share/man/man8/ssh-keysign.8.gz
[/lib64]# rpm -vV openssh-clients
S.5....T.  c /etc/ssh/ssh_config
.........    /usr/bin/.ssh.hmac
.........    /usr/bin/scp
.........    /usr/bin/sftp
.........    /usr/bin/slogin
.........    /usr/bin/ssh
.........    /usr/bin/ssh-add
.........    /usr/bin/ssh-agent
.........    /usr/bin/ssh-copy-id
.........    /usr/bin/ssh-keyscan
.........  d /usr/share/man/man1/scp.1.gz
.........  d /usr/share/man/man1/sftp.1.gz
.........  d /usr/share/man/man1/slogin.1.gz
.........  d /usr/share/man/man1/ssh-add.1.gz
.........  d /usr/share/man/man1/ssh-agent.1.gz
.........  d /usr/share/man/man1/ssh-copy-id.1.gz
.........  d /usr/share/man/man1/ssh-keyscan.1.gz
.........  d /usr/share/man/man1/ssh.1.gz
.........  d /usr/share/man/man5/ssh_config.5.gz
[/lib64]# rpm -vV openssh-server
.......T.  c /etc/pam.d/ssh-keycat
S.5....T.  c /etc/pam.d/sshd
.........    /etc/rc.d/init.d/sshd
S.5....T.  c /etc/ssh/sshd_config
.........  c /etc/sysconfig/sshd
.........    /usr/libexec/openssh/sftp-server
.........    /usr/libexec/openssh/ssh-keycat
.........    /usr/sbin/.sshd.hmac
.........    /usr/sbin/sshd
.........    /usr/share/doc/openssh-server-5.3p1
.........  d /usr/share/doc/openssh-server-5.3p1/HOWTO.ssh-keycat
.........  d /usr/share/man/man5/moduli.5.gz
.........  d /usr/share/man/man5/sshd_config.5.gz
.........  d /usr/share/man/man8/sftp-server.8.gz
.........  d /usr/share/man/man8/sshd.8.gz
.........    /var/empty/sshd

e

[/lib64]# rpm -qf /lib64/libkeyutils.so.1.9
file /lib64/libkeyutils.so.1.9 is not owned by any package
[/lib64]# rpm -vV keyutils-libs
....L....    /lib64/libkeyutils.so.1
.........    /lib64/libkeyutils.so.1.3
.........    /usr/share/doc/keyutils-libs-1.4
.........  d /usr/share/doc/keyutils-libs-1.4/LICENCE.LGPL