Have I been hacked?

06/08/2007, 19h48

I was using RSA keys authentication and it was working fine. I just
noticed someone logged onto my computer other than me. I checked, and
it seems like sshd is now not checking the keys. I have not changed my
sshd_config in some time. Is there something that stops it from
working lately?

Thanks.. (I am running OS X 10.4)

# Authentication:

#LoginGraceTime 120
PermitRootLogin no
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

06/08/2007, 21h50

hkg166@gmail.com wrote:
> I was using RSA keys authentication and it was working fine. I just
> noticed someone logged onto my computer other than me. I checked, and
> it seems like sshd is now not checking the keys. I have not changed my
> sshd_config in some time. Is there something that stops it from
> working lately?
>
> Thanks.. (I am running OS X 10.4)
>
>
> # Authentication:
>
> #LoginGraceTime 120
> PermitRootLogin no
> #StrictModes yes
>
> RSAAuthentication yes
> PubkeyAuthentication yes
> AuthorizedKeysFile .ssh/authorized_keys
>
> # rhosts authentication should not be used
> #RhostsAuthentication no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
>

If, by "not checking the keys", you mean sshd is allowing users to
authenticate with passwords, you need to check the
PasswordAuthentication option in sshd_config.

If you mean that users can authenticate with a bogus RSA key, you have a
real problem.
--
Steve

07/08/2007, 05h53

On 2007-08-06, hkg166@gmail.com <hkg166@gmail.com> wrote:
> I was using RSA keys authentication and it was working fine. I just
> noticed someone logged onto my computer other than me.

If you're the only person who is authorised to be logged on, then yes.

--
Russell Wood
<http://www.dynode.net/~rjw/>

15/08/2007, 16h01

X-No-Archive: Yes

It should be checking the keys but make sure that password
authentication is turned off.
Which version of SSH are you using?
Make sure you are only using SSH2 for maximum security
"RSAAuthentication yes" only applies to SSH1

>From OpenSSH (sshd_config):
http://www.openbsd.org/cgi-bin/man.c...ry=sshd_config
RSAAuthentication: Specifies whether pure RSA authentication is
allowed. The default is ``yes''. This option applies to protocol
version 1 only.

06/08/2007, 19h48	#1
hkg166@gmail.com Messages: n/a Hébergeur:	Have I been hacked? I was using RSA keys authentication and it was working fine. I just noticed someone logged onto my computer other than me. I checked, and it seems like sshd is now not checking the keys. I have not changed my sshd_config in some time. Is there something that stops it from working lately? Thanks.. (I am running OS X 10.4) # Authentication: #LoginGraceTime 120 PermitRootLogin no #StrictModes yes RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys # rhosts authentication should not be used #RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes

06/08/2007, 21h50	#2
Steve Sentoff Messages: n/a Hébergeur:	Re: Have I been hacked? hkg166@gmail.com wrote: > I was using RSA keys authentication and it was working fine. I just > noticed someone logged onto my computer other than me. I checked, and > it seems like sshd is now not checking the keys. I have not changed my > sshd_config in some time. Is there something that stops it from > working lately? > > Thanks.. (I am running OS X 10.4) > > > # Authentication: > > #LoginGraceTime 120 > PermitRootLogin no > #StrictModes yes > > RSAAuthentication yes > PubkeyAuthentication yes > AuthorizedKeysFile .ssh/authorized_keys > > # rhosts authentication should not be used > #RhostsAuthentication no > # Don't read the user's ~/.rhosts and ~/.shosts files > #IgnoreRhosts yes > If, by "not checking the keys", you mean sshd is allowing users to authenticate with passwords, you need to check the PasswordAuthentication option in sshd_config. If you mean that users can authenticate with a bogus RSA key, you have a real problem. -- Steve

07/08/2007, 05h53	#3
Russell Wood Messages: n/a Hébergeur:	Re: Have I been hacked? On 2007-08-06, hkg166@gmail.com <hkg166@gmail.com> wrote: > I was using RSA keys authentication and it was working fine. I just > noticed someone logged onto my computer other than me. If you're the only person who is authorised to be logged on, then yes. -- Russell Wood <http://www.dynode.net/~rjw/>

15/08/2007, 16h01	#4
purpmint008@gmail.com Messages: n/a Hébergeur:	Re: Have I been hacked? X-No-Archive: Yes It should be checking the keys but make sure that password authentication is turned off. Which version of SSH are you using? Make sure you are only using SSH2 for maximum security "RSAAuthentication yes" only applies to SSH1 >From OpenSSH (sshd_config): http://www.openbsd.org/cgi-bin/man.c...ry=sshd_config RSAAuthentication: Specifies whether pure RSA authentication is allowed. The default is ``yes''. This option applies to protocol version 1 only.

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email