Re: Have I been hacked?



hkg166@xxxxxxxxx wrote:
I was using RSA keys authentication and it was working fine. I just
noticed someone logged onto my computer other than me. I checked, and
it seems like sshd is now not checking the keys. I have not changed my
sshd_config in some time. Is there something that stops it from
working lately?

Thanks.. (I am running OS X 10.4)


# Authentication:

#LoginGraceTime 120
PermitRootLogin no
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes


If, by "not checking the keys", you mean sshd is allowing users to authenticate with passwords, you need to check the PasswordAuthentication option in sshd_config.

If you mean that users can authenticate with a bogus RSA key, you have a real problem.
--
Steve
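
The check suggested in the reply above, as an added example that is not part of either post: a Python sketch that works out which non-key login methods an sshd_config leaves enabled, run here on the directives quoted in the question. The function names are hypothetical, and the defaults are assumed to be upstream OpenSSH's built-in values.

```python
# Added example. Defaults are upstream OpenSSH's built-in values (assumed
# unchanged in the build being audited); they apply when a keyword is absent
# or only appears in a commented-out line.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}

# Constructed sample: the active and commented directives quoted in the post.
POSTED_CONFIG = """\
# Authentication:
#LoginGraceTime 120
PermitRootLogin no
#StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#RhostsAuthentication no
#IgnoreRhosts yes
"""

def effective_settings(text):
    """Return the global value sshd would use for each keyword in DEFAULTS."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment: sets nothing
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # everything after a Match line is conditional
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            seen[key] = parts[1].lower()  # first occurrence wins
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def password_login_paths(text):
    """List the enabled methods that can let a user in without a key."""
    eff = effective_settings(text)
    return [k for k in ("passwordauthentication",
                        "challengeresponseauthentication") if eff[k] != "no"]

if __name__ == "__main__":
    for name, value in effective_settings(POSTED_CONFIG).items():
        print(f"{name:32} {value}")
    print("password-style logins still possible via:",
          password_login_paths(POSTED_CONFIG) or "none")
```

Enabling PubkeyAuthentication does not switch the other methods off: each one that should be refused needs its own explicit `no` line.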