Quoting Kamaraju Kusumanchi <[EMAIL PROTECTED]>:

> Here is what I have done so far
> 1) I have looked in various log files but could not find any
> suspicious activity.
>
Turns out that I was dictionary attacked (thanks to /var/log/auth.log) via ssh port. The intruder was able to gain access to the guest account. I created that account to reproduce a bug that I was experiencing in KDE. But forgot to delete it later. I do not yet know the extent of the damage and whether hir was able to gain root access to this system.

I also discovered that remote logins (via ssh) for root account were enabled on this system. Now, I disabled them. Does anyone have suggestions on tightening up the default sshd_config file?

I read about disabling password authentication mechanism completely and using only the key authorization mechanism. But this is too inconvenient to stick to. For example, if I go to a friend's machine, I would like to be able to ssh from it, without bothering about transferring keys back and forth.

Any other suggestions are welcome.

raju
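
The kind of /var/log/auth.log review described in the message above, as an added example that is not part of the original post: it flags a source address that failed password logins against several account names and then had a password accepted. The log lines are constructed samples in OpenSSH's syslog format, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (not from the original post).
SAMPLE_LOG = """\
Mar  3 02:14:01 host sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 02:14:03 host sshd[4103]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Mar  3 02:14:05 host sshd[4105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar  3 02:14:08 host sshd[4107]: Failed password for guest from 203.0.113.7 port 40140 ssh2
Mar  3 02:14:10 host sshd[4109]: Accepted password for guest from 203.0.113.7 port 40152 ssh2
Mar  3 09:30:12 host sshd[5210]: Failed password for raju from 198.51.100.20 port 51811 ssh2
Mar  3 09:30:20 host sshd[5210]: Accepted password for raju from 198.51.100.20 port 51811 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_dictionary_attacks(log_text, min_failures=3, min_users=3):
    """Return {ip: {"failures", "users", "compromised"}} for sources that guessed
    at several accounts. 'compromised' lists accounts that accepted a password
    from that source after its guessing had started."""
    failures = defaultdict(int)
    users = defaultdict(set)
    accepted = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(user)
        elif failures[ip]:  # a success only counts after earlier failures
            accepted[ip].append(user)
    # One mistyped password by a legitimate user stays below both thresholds.
    return {
        ip: {"failures": n, "users": users[ip], "compromised": accepted[ip]}
        for ip, n in failures.items()
        if n >= min_failures and len(users[ip]) >= min_users
    }

if __name__ == "__main__":
    for ip, info in find_dictionary_attacks(SAMPLE_LOG).items():
        print(ip, info["failures"], sorted(info["users"]), info["compromised"])
```

A non-empty `compromised` list marks the accounts whose later activity needs review first.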