Re: ssh2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 16, 2008 at 11:30:14AM +0200, roland wrote:
>
> I am using a terminalemulator Anita to login to a server, who validates  
> the ssh connection with 3DES Cipher.
>
> Now this server is hacked, somebody entered with the root user.
> Suddenly I have ssh2

So root has been compromized?
How do you know?

> So now I get the following message, when trying to login:
> dsa_verify failed for server_host_key
>
> I see the directory .ssh2 in the /root directory, but not in any $HOME dir
>
> How can I stop ssh2 verifying?
>
> Or is there something else I can do?

Was Anita compromised?
Was Anita updated?
Was Anita changed?
Was the author of Anita contacted?
Anita for windows?
Anita for the web?

Is Anita connecting to sshd on the linux host in the same way that Putty does?

Can you login and 'su -' to root......

If so you can look at the logs?
Do the logs make sense?

dsa_verify failed for server_host_key tells me that a key was changed
not that the host was compromized... If you update the key the 
old key needs to be removed....  F

Is it possible that the night shift upgraded to ssh2 or added it?
Is it possible that the night shift added (incorrectly) their own key?
-- php, perl, java, etc...

As others indicated -- IF it has been HACKED
SHUT IT DOWN, pull the plug.  The legal liability
of keeping a hacked system up and running 
is large.

Are the keys in the .ssh2 dir telling you anything....

If .ssh2 does not contain your keys -- rename/remove it.

Do the keys in the .ssh2 dir belong to anyone... someone you can call.
Sometimes the comments are informative and id a host or person.

It might be that someone knows what was done in your absence.
Who else has pass words or access to the systems?


-- 
	T o m  M i t c h e l l 
	Found me a new hat, now what?

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux