Re: Have I been hacked?

hkg166@xxxxxxxxx wrote:
I was using RSA keys authentication and it was working fine. I just
noticed someone logged onto my computer other than me. I checked, and
it seems like sshd is now not checking the keys. I have not changed my
sshd_config in some time. Is there something that stops it from
working lately?

Thanks.. (I am running OS X 10.4)

# Authentication:

#LoginGraceTime 120
PermitRootLogin no
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

If, by "not checking the keys", you mean sshd is allowing users to authenticate with passwords, you need to check the PasswordAuthentication option in sshd_config.

If you mean that users can authenticate with a bogus RSA key, you have a real problem.