LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Closed Thread
 
Search this Thread
Old 04-28-2002, 03:19 PM   #1
Savedadogs
Member
 
Registered: Mar 2002
Posts: 41

Rep: Reputation: 15
Ssh Compromised!


Please someone help me I am a newbie. I had setup the ssh daemon on my RedHat Linux 7.2 server last week. I used openssh. I created the keys and was able to login to my server through my lan:

ssh 192.168.1.05.

Here is what happens now when I try to ssh:

[root@localhost root]# ssh 192.168.1.105
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for 192.168.1.105 has changed and you have requested strict checking.
Host key verification failed.


WHAT IS GOING ON??? Has someone compromised my machine. I was also able to ssh from the outside world to my machine last week. I have a dynamic IP. All incoming ssh conenctions (port 22) are forwarded to 192.168.1.105, my linux server. Please HELP!
 
Old 04-28-2002, 03:29 PM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 197Reputation: 197
Please do not double post. http://www.linuxquestions.org/questi...threadid=19674
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Compromised by SSH bruteforce MBH Linux - Security 3 09-16-2005 10:10 PM
Compromised? I can't tell. Chuck23 Linux - Security 11 02-15-2005 07:33 AM
SSH brute force.... compromised? heri0n Linux - Security 15 11-21-2004 05:51 PM
compromised by SSH login phennon Linux - Security 2 09-19-2004 08:03 PM
Ssh Compromised!!???help!!! Savedadogs Linux - Security 12 02-10-2004 12:48 AM


All times are GMT -5. The time now is 01:07 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration