LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-13-2007, 03:13 PM   #1
marco18
Member
 
Registered: Jul 2007
Location: Argentina
Distribution: Ubuntu 13.04 , Debian Lenny 5.0.7
Posts: 223

Rep: Reputation: 21
SSH Agent running, system compromised??


Hey there! Looking for some security weaknesses of my system, I closed the ssh port and shot down the ssh daemon (I don't use ssh at all).
But surprisingly, I found a process running called "ssh-agent". It is not a system service and I can't find it anywhere to avoid it from starting on boot. So, my questions are two:

1) Where else apart from the init.d folder are contained the services or apps that are loaded on system boot?

2) What's the risk I take if I let this process running (with the ssh port is closed)?

Any help will be welcomed. Thanks!
 
Old 08-13-2007, 03:45 PM   #2
lefty.crupps
Member
 
Registered: Apr 2005
Location: Minneap USA
Distribution: Debian, Mepis, Sidux
Posts: 470

Rep: Reputation: 32
Read here about places where startup programs can happen:
. http://www.linuxquestions.org/questi...d.php?t=543046
Also it could be started by the 'at' command or by 'cron' (which has many locations...).

Even with SSH port closed, ssh can be specified to attach to another port, so this agent could be listening to another port as a sneaky maneuver...

you could also look at that process in a Tree via command line to see what is starting ssh-agent:
ps axjf (use [shift][page up] or [shift][page down] to look through the results)
run 'man ps' at a command line to learn more about that...

let us know how it turns out!

Last edited by lefty.crupps; 08-13-2007 at 03:47 PM.
 
Old 08-13-2007, 04:07 PM   #3
zhangmaike
Member
 
Registered: Oct 2004
Distribution: Slackware
Posts: 376

Rep: Reputation: 31
I'd recommend reading the man page for ssh-agent.

Code:
SSH-AGENT(1)              BSD General Commands Manual             SSH-AGENT(1)

NAME
     ssh-agent -- authentication agent

SYNOPSIS
     ssh-agent [-a bind_address] [-c | -s] [-t life] [-d] [command [args ...]]
     ssh-agent [-c | -s] -k

DESCRIPTION
     ssh-agent is a program to hold private keys used for public key authenti-
     cation (RSA, DSA).  The idea is that ssh-agent is started in the begin-
     ning of an X-session or a login session, and all other windows or pro-
     grams are started as clients to the ssh-agent program.  Through use of
     environment variables the agent can be located and automatically used for
     authentication when logging in to other machines using ssh(1).

...
 
Old 08-13-2007, 06:25 PM   #4
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
ssh-agent is not a service that listens for incoming ssh connections. It caches your private ssh key for use in passwordless authentication TO other systems. Many installations have an ssh-agent in your profile by default.
 
Old 08-13-2007, 08:37 PM   #5
marco18
Member
 
Registered: Jul 2007
Location: Argentina
Distribution: Ubuntu 13.04 , Debian Lenny 5.0.7
Posts: 223

Original Poster
Rep: Reputation: 21
So it isn't a risk for me. Better that way . Thanks a lot guys!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh-agent, ssh-add and ssh-keygen AND CVS raylpc Linux - General 2 11-19-2008 02:50 AM
SSH-agent running Corrado Linux - General 1 06-14-2007 11:24 AM
ssh-agent/ssh-add question mega Slackware 2 01-26-2005 03:09 AM
Ssh Compromised!!???help!!! Savedadogs Linux - Security 12 02-10-2004 12:48 AM
Ssh Compromised! Savedadogs Linux - General 1 04-28-2002 03:29 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration