Re: Have I been hacked?

From: Steve Sentoff <steve30401@xxxxxxxxxxx>
Date: Mon, 06 Aug 2007 15:50:32 -0500

hkg166@xxxxxxxxx wrote:

I was using RSA keys authentication and it was working fine. I just
noticed someone logged onto my computer other than me. I checked, and
it seems like sshd is now not checking the keys. I have not changed my
sshd_config in some time. Is there something that stops it from
working lately?

Thanks.. (I am running OS X 10.4)

# Authentication:

#LoginGraceTime 120
PermitRootLogin no
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

If, by "not checking the keys", you mean sshd is allowing users to authenticate with passwords, you need to check the PasswordAuthentication option in sshd_config.

If you mean that users can authenticate with a bogus RSA key, you have a real problem.
--
Steve
.

References:
- Have I been hacked?
  - From: hkg166

Prev by Date: Have I been hacked?
Next by Date: Re: Have I been hacked?
Previous by thread: Have I been hacked?
Next by thread: Re: Have I been hacked?
Index(es):
- Date
- Thread

Relevant Pages

Re: known_hosts file on trusted server
... them as there are for SSL and PGP keys, and people are far too willing ... effective for authenticating the actual server, ... robust, manageable, scalable methods of server authentication. ... although OpenSSH has had Kerberos *client* ...
(comp.security.ssh)
RE: 802.1x RADIUS Deployment in Wireless LAN
... To talk about WPA in Wi-Fi Alliance's ... EAP in combination with 802.1X is used for Authentication. ... or use Pre-shared keys (typically in homes where you can't have a RADIUS ... such features need to be built on the cards as the cards use these features ...
(Security-Basics)
Re: Erasing an OTP file on a SD card.
... >> AES is the main protection, and OTP will not do the AES weaker. ... The keys are collected when the user writes randomly over the handheld ... If you don't have a secure way to protect the authentication process, ...
(sci.crypt)
Re: server from outside via a key
... > I want any one coming from outside to authenticate only via RSA key ... > while the person from inside can login via system authentication only. ... Run two instances of sshd, one on each interface, with two different ... blacklisted keys). ...
(SSH)
Re: Why does openssh protocol default to 2?
... >> RSA/DSA keys, don't do that. ... > What would you suggest for NFS mounted home dirs as a reasonable solution? ... you then fire up an agent remotely on a trusted machine ... that if you choose to forward authentication root can hijack you ...
(FreeBSD-Security)