Security Basics mailing list archives
SSH newkeys.
From: Paul Halliday <paul.halliday () gmail com>
Date: Fri, 11 Dec 2009 10:12:39 -0400
I had a host that was compromised over the weekend and I am still scratching my head a bit on what went on. Before the box was rooted there were a bunch of these:

46 2009-12-06 09:27:55.644224 172.16.0.15 22 92.240.75.6 36332 SSHv2 Server: New Keys
47 2009-12-06 09:27:55.799383 92.240.75.6 36332 172.16.0.15 22 SSHv2 Client: New Keys

These occurred about every 3-4 seconds. In total, fewer than 500 of these before another host swept in with the correct key. There were no previous scans to this host and it was a relatively new install.

I have played with a couple of different ssh scanners and I can't duplicate this pattern.

I am reading: http://www.snailbook.com/docs/transport.txt between 7.3 and 8. This isn't a user/password exchange.

Can anyone shed some light on what was going on?

Thanks.
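An added example, not part of the original post: a Python sketch that parses capture summary lines in the layout quoted above and reports, per remote peer, how many key exchanges completed and the median gap between them. The function names, thresholds and every sample line beyond the two quoted in the post are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Layout quoted in the post: <no> <date> <time> <src> <sport> <dst> <dport> SSHv2 <side>: New Keys
LINE = re.compile(
    r"^\s*\d+\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+SSHv2\s+(Server|Client): New Keys\s*$"
)

def summarize_newkeys(lines, ssh_port=22):
    """Per remote peer: completed key exchanges and median seconds between them."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a New Keys summary line
        ts, src, sport, dst, dport, side = m.groups()
        # Count only the server's New Keys so each handshake is counted once.
        if side != "Server" or int(sport) != ssh_port:
            continue
        seen[dst].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"))
    report = {}
    for peer, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[peer] = {"kex": len(stamps), "median_gap": median(gaps) if gaps else None}
    return report

def flag_repeaters(report, min_kex=3, max_gap=5.0):
    """Peers that completed many key exchanges in quick succession."""
    return sorted(p for p, r in report.items()
                  if r["kex"] >= min_kex and r["median_gap"] is not None
                  and r["median_gap"] <= max_gap)

# Constructed sample: the first two lines are the ones quoted in the post,
# the rest are made up in the same layout for illustration.
SAMPLE = [
    "46 2009-12-06 09:27:55.644224 172.16.0.15 22 92.240.75.6 36332 SSHv2 Server: New Keys",
    "47 2009-12-06 09:27:55.799383 92.240.75.6 36332 172.16.0.15 22 SSHv2 Client: New Keys",
    "58 2009-12-06 09:27:59.144224 172.16.0.15 22 92.240.75.6 36340 SSHv2 Server: New Keys",
    "59 2009-12-06 09:27:59.301100 92.240.75.6 36340 172.16.0.15 22 SSHv2 Client: New Keys",
    "70 2009-12-06 09:28:02.644224 172.16.0.15 22 92.240.75.6 36351 SSHv2 Server: New Keys",
    "91 2009-12-06 10:15:00.000000 172.16.0.15 22 203.0.113.9 50122 SSHv2 Server: New Keys",
]

if __name__ == "__main__":
    print(flag_repeaters(summarize_newkeys(SAMPLE)))
```

Packets that follow New Keys are encrypted, so a capture like this shows that a handshake completed but not what was attempted inside it; the server's own authentication log is the place to correlate against.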