LinuxQuestions.org

Linux - Security: Might have been hacked (https://www.linuxquestions.org/questions/linux-security-4/might-have-been-hacked-273393/)

robintw 01-05-2005 01:25 AM

Why is it not a good idea to mount the old drive on the new system? The problem is that I have 100Gb of data - and that is one hell of a lot of CDs/DVDs!

Alternatively I could copy the data across to the new HDD first - and then format the current HDD and reinstall.

What do you suggest I do?

Robin

Capt_Caveman 01-05-2005 10:46 PM

Depending on how you mount it and the actions you take once the filesystem is mounted, you run the risk of infecting the new filesystem if any kind of viral code is present. If that's the only option, then at least scan the files with AV first. With 100Gb of data, I'm assuming it's not text files or that there are way too many of them to visually inspect them all. At the very minimum, you should check creation and modification times on these files to verify that they haven't been altered or trojaned. The unfortunate part of getting compromised is that an intruder could do something relatively benign like put a UDP flooder on the system or they could install a backdoor or even 10 backdoors; you really don't know the extent.

jschiwal 01-05-2005 11:16 PM

Concerning your questions about SSH: you could use the authorized_keys file instead of using passwords. Check out the ssh man page for details.

Some people change the port that ssh uses to reduce the number of script kiddies banging on port 22. However, don't let this give you a false sense of security, because looking at other ports is a possibility.

peacebwitchu 01-09-2005 04:10 PM

I don't worry about failed logins; it's the "sshd[11174]: Accepted password for root" that I worry about. You should run a file integrity checker as well so you would know what files have changed. Of course this doesn't mean much after the fact. RPM has this feature built in, kinda: rpm -V package_name will show you if any of the package contents have changed, like /bin/ls or slocate or findutils.
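
The log check described in the post above, as an added example that is not part of the original thread: it flags accepted sshd logins for root by password, and goes slightly further by also flagging any accepted login that follows repeated failures from the same address. The sample log lines, the user name alice, the function name and the failure threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines (documentation IP ranges), not from the thread.
SAMPLE_LOG = """\
Jan  4 03:12:01 host sshd[11102]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan  4 03:12:04 host sshd[11105]: Failed password for illegal user admin from 203.0.113.7 port 40120 ssh2
Jan  4 03:12:09 host sshd[11174]: Accepted password for root from 203.0.113.7 port 40131 ssh2
Jan  4 08:30:15 host sshd[12001]: Accepted publickey for alice from 198.51.100.20 port 51514 ssh2
Jan  4 09:01:44 host sshd[12050]: Failed password for alice from 198.51.100.20 port 51600 ssh2
Jan  4 09:01:50 host sshd[12050]: Accepted password for alice from 198.51.100.20 port 51600 ssh2
"""

# Matches both outcomes; older sshd logs "illegal user", newer "invalid user".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def review_ssh_logins(log_text, fail_threshold=2):
    """Return (user, ip, method, reasons) for accepted logins worth a look."""
    failures = defaultdict(int)  # failed attempts seen so far, per source IP
    findings = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        user, ip, method = m["user"], m["ip"], m["method"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        reasons = []
        if user == "root" and method == "password":
            reasons.append("root logged in with a password")
        if failures[ip] >= fail_threshold:
            reasons.append(f"preceded by {failures[ip]} failures from {ip}")
        if reasons:
            findings.append((user, ip, method, reasons))
    return findings


if __name__ == "__main__":
    for user, ip, method, reasons in review_ssh_logins(SAMPLE_LOG):
        print(f"{user}@{ip} via {method}: {'; '.join(reasons)}")
```

To use it on real data, pass the contents of the system's sshd log to review_ssh_logins(); the log's location varies by distribution.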


All times are GMT -5.