Security Basics mailing list archives
Re: possibly compromised redhat 7.2 box
From: "Kalpin Erlangga Silaen" <kalpin () solonet co id>
Date: Mon, 24 May 2004 11:55:36 +0700
Dear Melissa, I think this happen because someone (I hope s/he is your Administrator) changed/upgraded your sshd. To fix it, try to edit your known_hosts2 at ~/.ssh/ or just remove ~/.ssh by typing : $rm -rf .ssh. If you are using windows then remove putty.rnd (if you are using putty) from root directory (please read the manual). I hope this will help you Regards, Kalpin Erlangga S ----- Original Message ----- From: "Melissa McGillis" <mcgillim () cis uab edu> To: "Security-Basics" <security-basics () securityfocus com> Sent: Friday, May 21, 2004 2:17 AM Subject: possibly compromised redhat 7.2 box
Hello, I have a redhat 7.2 server that stopped accepting my ssh login. I can
still
use my login at the terminal. I also noticed that the host key changed. My only guess at this point is that the box was probably compromised. Any
good
software out there to help me figure it out? Any other ideas as to what would cause this? Anything helps, Melissa (THIS IS IN NO WAY AFFILIATED WITH UAB. It's just the address I use for lists.)
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- possibly compromised redhat 7.2 box Melissa McGillis (May 21)
- Re: possibly compromised redhat 7.2 box Kalpin Erlangga Silaen (May 25)
- <Possible follow-ups>
- Re: possibly compromised redhat 7.2 box Eric Gunnett (May 21)
- Re: possibly compromised redhat 7.2 box James Turnbull (May 25)
- RE: possibly compromised redhat 7.2 box Brecrost Jones (May 26)
- RE: possibly compromised redhat 7.2 box UPDATE Melissa McGillis (May 27)
- Re: possibly compromised redhat 7.2 box UPDATE - harden Alvin Oga (May 27)
- Re: possibly compromised redhat 7.2 box James Kelly (May 27)
- RES: possibly compromised redhat 7.2 box Nelson B. dos Santos Neto (May 27)
- RE: possibly compromised redhat 7.2 box UPDATE Melissa McGillis (May 27)