Joy Methew wrote:
Hello all,
i m using RHEL5.3 as a my mail server with real ip.i
configure my system mostly remotely.last login time of my system 27 jan
from this ip 118.129.153.43.
than i try to login at 28 jan in morning so i can`t got authentication as
root from my last password.
than i reboot the system reset my password.
i login as a root than i run "last" command i m sending tha first 10 lines
of last command...i thinks someone hack my system.i am sending history
command output.
now i remove .ssh directory and /var/tmp/*
please suggest wat is this??
<snip>
Copy your /root/.ssh/authorized_keys to a backup name, and edit the existing
one to remove the last one or two, but REMOVE THE KEY YOU SEE IN THERE THAT
MATCHES THE ONE IN THE ECHO COMMAND. Otherwise, your attacker will just get in
*without* a password, just an exchange of public and private keys via ssh.
mark
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
