Re: ssh2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

roland wrote:

On Tue, 16 Sep 2008 18:11:05 +0200, Aldo Foot <lunixer@xxxxxxxxx> wrote:


On Tue, Sep 16, 2008 at 2:30 AM, roland <roland@xxxxxx> wrote:

Hello
I am using a terminalemulator Anita to login to a server, who validates the 
ssh connection with 3DES Cipher.


Do we assume that you tested this and it worked before you left town?


Now this server is hacked, somebody entered with the root user.
Suddenly I have ssh2
How do you know the server is hacked? Is there evidence of that, or are you assuming that if you can't connect it must be hacked? 


So now I get the following message, when trying to login:
dsa_verify failed for server_host_key
My first thought would be that you are connected to the wrong server. Could the client have done admin on the server, or the network? Changed the IP address and you are using the old address instead of DNS? My first thought is that you have the wrong server or the keys were updated, or (less likely) that there is a man in the middle.
I see the directory .ssh2 in the /root directory, but not in any $HOME dir 

How can I stop ssh2 verifying?
This is unclear, if you can get in, why would you stop verifying? I would be finding out why the key changed. I assume you haven't been using the obsolete ssh1 protocol... 


Or is there something else I can do?
Describing the problem more fully would help, things like can you get into the machine, and if not how you see the .ssh2 directory. I don't recall seeing that on any version I've used. What version of Fedora are you running on the server?
I'd be backing up my data by now and getting ready to reinstall the system.
I would have current backups, but agree, if the machine really has been hacked it's time to start clean. 


My dear friend af,
Of course you are right, I would do the same, but I am on holiday and this happens to a client. So I am looking for a solution for 10 days to get ssh working and ssh2 out, or something els.
You mean you left the client without a local backup support and you aren't going to return immediately? Hopefully I misunderstand that.
I am blocking as much as I can out of Greece, but I have no intention to fly back home.
So please give me another advice, because nobody seems to know how to stop ssh2. 

Thanks for understanding

Roland




--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux