Hi, my English seems very bad, because my problem is not how to secure the ssh key. My problem is how not to be hacked. I talked about the ssh key being stolen to show signs that my PC has been compromised. I can for sure secure my ssh key, but how do I secure my PC? If I have a rootkit that steals the ssh key, the problem is the rootkit. You know, a keylogger that steals passwords? Or cookie stealing?

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, April 4, 2019 10:19 AM, Tor Houghton <t...@bogus.net> wrote:

> Hi,
>
> Difficult to make any recommendations based on this information, but once
> you've recovered, enforce ssh key-based logins only.
>
> Given that your client might be compromised, you probably want to look into
> that as well.
>
> To limit the possibilities that someone gets access to your
> ssh private key's keyphrase, store it off-client -- for example using your
> mobile phone (e.g. Kryptonite -- https://krypt.co; do read caveat regarding
> Android crypto).
>
> Good luck.
>
> On Wed, Apr 03, 2019 at 06:56:39PM +0000, Cord wrote:
>
> > Hi,
> > I have a strong suspicion that my OpenBSD box has been hacked for the
> > second time in a few weeks. The first time was some weeks ago; I had
> > some suspicions, and after a few checks I found that someone had
> > connected to my vps via ssh on a non-standard port using my ssh key. The
> > connection came from a tor exit node. There were 2 connections, and they
> > had been up for 5 days. Now I have some new suspicions, because some
> > private email seems to be known by others. I have also found other open
> > sessions on the web gui of my email provider, but I am absolutely sure I
> > have always logged out.
> > I am using just chrome+unveil and I haven't used any other script or opened
> > any pdf (maybe I have opened 1 or 2 pdfs from inside chrome). I have used
> > epiphany only to open the webmail because chrome crashes. My email provider
> > supports html (obviously) but generally photos are not loaded. Of course I
> > have pf enabled and few services.
> > I also use a vpn and I visit very few web sites with chrome... maybe 20 or 25
> > websites just to read news. Sometimes I search for things about OpenBSD.
> > Could anyone help me?
> > Cord.