
Security Basics mailing list archives
RE: possibly compromised redhat 7.2 box
From: "Brecrost Jones" <brecrost () hotmail com>
Date: Tue, 25 May 2004 14:24:53 -0600
Also, check which SSH protocols sshd is allowing (probably /etc/ssh/sshd_config, or thereabouts), and which protocol your SSH client is using (if PuTTY, look under Connection->SSH). If your sshd or PuTTY has been upgraded recently, there may be a mismatch. I think the latest version of PuTTY was changed to default to SSH protocol version 2; maybe your server is only allowing version 1 (?). Or perhaps sshd was upgraded, and defaults to version 2, but your PuTTY is set to use version 1 only.
Hope that helps.
-----Original Message-----
From: Kalpin Erlangga Silaen [mailto:kalpin () solonet co id]
Sent: May 23, 2004 10:56 PM
To: Melissa McGillis; Security-Basics
Subject: Re: possibly compromised redhat 7.2 box

Dear Melissa,

I think this happened because someone (I hope s/he is your Administrator) changed/upgraded your sshd. To fix it, try to edit your known_hosts2 at ~/.ssh/ or just remove ~/.ssh by typing: $ rm -rf .ssh. If you are using Windows then remove putty.rnd (if you are using PuTTY) from the root directory (please read the manual).

I hope this will help you.

Regards,
Kalpin Erlangga S

----- Original Message -----
From: "Melissa McGillis" <mcgillim () cis uab edu>
To: "Security-Basics" <security-basics () securityfocus com>
Sent: Friday, May 21, 2004 2:17 AM
Subject: possibly compromised redhat 7.2 box

> Hello,
>
> I have a redhat 7.2 server that stopped accepting my ssh login. I can still
> use my login at the terminal. I also noticed that the host key changed. My
> only guess at this point is that the box was probably compromised. Any good
> software out there to help me figure it out? Any other ideas as to what
> would cause this?
> Anything helps,
> Melissa
> (THIS IS IN NO WAY AFFILIATED WITH UAB. It's just the address I use for
> lists.)
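
The protocol check suggested in the reply above, sketched as an added example that is not part of the original thread: it reads the Protocol line from sshd_config text and the version field of the server's identification banner, then compares them with the versions the client allows. The function names, sample config and sample banners are constructed, and the "2,1" default is an assumption about OpenSSH releases of that era.

```python
import re

# Assumption: sshd of this era enabled both protocols ("2,1") when
# sshd_config had no Protocol line; pass another default if yours differs.
ERA_DEFAULT = "2,1"

def config_protocols(sshd_config_text, default=ERA_DEFAULT):
    """Protocol versions enabled by the 'Protocol' line in sshd_config text."""
    value = default
    for line in sshd_config_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) >= 2 and fields[0].lower() == "protocol":
            value = fields[1]   # assumption: first occurrence wins
            break
    return {int(v) for v in value.split(",") if v.strip()}

def banner_protocols(banner):
    """Protocol versions a server offers, from its 'SSH-x.y-software' banner."""
    m = re.match(r"SSH-(\d+)\.(\d+)-", banner)
    if not m:
        raise ValueError("not an SSH identification string: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):   # 1.99 means: speaks version 2 and version 1
        return {1, 2}
    return {major}

def diagnose(client, server):
    """Report whether the client's allowed versions overlap the server's."""
    common = sorted(set(client) & set(server))
    if common:
        return "ok: shared version(s) %s" % common
    return "mismatch: client allows %s, server offers %s" % (
        sorted(client), sorted(server))

# Constructed sample inputs (not taken from the thread).
SAMPLE_CONFIG = "# constructed example\nPort 22\nProtocol 1\n"
SAMPLE_BANNERS = ["SSH-1.5-OpenSSH_3.1p1", "SSH-1.99-OpenSSH_3.1p1",
                  "SSH-2.0-OpenSSH_3.1p1"]

if __name__ == "__main__":
    # A client restricted to version 2 against each constructed server.
    print("config:", diagnose({2}, config_protocols(SAMPLE_CONFIG)))
    for b in SAMPLE_BANNERS:
        print(b, "->", diagnose({2}, banner_protocols(b)))
```

The banner is the first line a server sends on its SSH port, so it can be read without logging in and compared against what the configuration file claims.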