[SOLVED] Welcome to the Twilight Zone: SSH logging in with NO AUTHENTICATION
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Welcome to the Twilight Zone: SSH logging in with NO AUTHENTICATION
I just had a Twilight Zone experience! I was just setting up ssh on my desktop machine and got the wrong path in the -i parameter (identity file) my server is set for "PermitRootLogin without-password", which as I under stand it disables the password login only. I did NOT get the pass phrase prompt and got error message to the effect of key file not found.
and then I got a functional ssh connection to my server!
I had previously been using PUTTY and it too would connect without an identify file!!!!!!!
After a bit of panic a reboot of my DESKTOP machine that I was running the ssh client on the problem went away???. (The server was NOT rebooted although it had been rebooted the day before)
I gotta wonder if I have been compromised -- does anybody have any idea whats going on???
I know that PUTTY has a mechanism to remember identity files and log you in automatically without needing passwords but I had not run it, and why would it also affect ssh???
Posting lines, from the server, wherever SSH logs to and sshd_config (as in 'grep ^# /path/to/file|grep .;') and from the client your botched command line and your ~/.ssh/config may shed a light on things. Apart from that root shouldn't be allowed login over any network so you're not adhering to best practices regardless of your question. If this is a remote server I strongly suggest you correct that before doing anything else.
As far as detecting compromised binaries: your distribution (which?) may or may not have package management tools to help you. If it doesn't and if you haven't set up file integrity checking (Samhain, Aide or even tripwire) then compare package contents with a known good package downloaded from a trusted repository?
Apparently gnome_keyring daemon runs by default in Ubuntu. It also appears to work with putty. I sure don't mind computers being helpful, but it sure would be nice if they'd let you know when THEY are helping , , , as opposed to a hacker. what threw me was that it was working with putty and I knew that I wasn't using pageant!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
what threw me was that it was working with putty and I knew that I wasn't using pageant!
