nanog mailing list archives

Re: Rootshell pages hacked

From: "C. Harald Koch" <chk () utcc utoronto ca>
Date: Thu, 29 Oct 1998 15:03:49 -0500

In message <04c601be0373$c0dc2d90$e50984a9 () flounder telecom idt net>, "Adam D. McKenna" writes:

They claim they were running only qmail, apache and ssh, but who knows if
that's true.

I have heard rumours about an ssh exploit but nothing concrete.


I know of some interesting sites that were hacked into "using ssh" recently.
The trick is to attack the SSH *client* machine, and them take advantage of
things like a running ssh-agent and existing authorized_keys files to connect
to the server host using the existing (valid) trust relationship. This isn't
an SSH bug, merely a standard side effect of distributed trust.

-- 
C. Harald Koch     <chk () utcc utoronto ca>

"It takes a child to raze a village."
                -Michael T. Fry

Current thread:

Re: Rootshell pages hacked Adam D. McKenna (Oct 29)
- <Possible follow-ups>
- Re: Rootshell pages hacked Adam D. McKenna (Oct 29)
  - Re: Rootshell pages hacked C. Harald Koch (Oct 29)
  - Re: Rootshell pages hacked Michael Freeman (Oct 31)
- Re: Rootshell pages hacked Richard Steenbergen (Oct 29)
- Re: Rootshell pages hacked Adam D. McKenna (Oct 31)