Re: [CentOS] [OT] rsa host key change

2009-04-17 Thread Phil Schaffner
Bill Campbell wrote:
...
> That would make me very suspicious that the box had been cracked,
> and that a foreign sshd had been substituted for the real one.
> 
> rpm -V is your friend.

Also rkhunter and chkrootkit.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
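
Added example, not part of the original thread: a shell filter that triages the output of the rpm -V check suggested above, separating changed binaries from routine config edits. The function names, output labels and sample lines are constructed for illustration, and the flag layout assumed is the standard SM5DLUGT(P) column format.

```shell
#!/bin/sh
# Added example: triage `rpm -V` output read from stdin.
# Assumed line layout: <flags> [c|d|g|l|r] <path>   or   missing [attr] <path>
# Flag columns are SM5DLUGT(P): column 2 = mode, 3 = digest, 6 = user, 7 = group.

flag_rpm_verify() {
    awk '
    NF < 2 { next }                       # skip blank or malformed lines
    {
        flags = $1; attr = ""; first = 2
        # Optional attribute marker: c=config d=doc g=ghost l=license r=readme
        if (NF >= 3 && $2 ~ /^[cdglr]$/) { attr = $2; first = 3 }
        path = $first
        for (i = first + 1; i <= NF; i++) path = path " " $i

        if (flags == "missing") {
            # Missing docs and ghost files are not interesting here.
            if (attr != "d" && attr != "g") print "MISSING " path
            next
        }
        digest = (substr(flags, 3, 1) == "5")
        perms  = (substr(flags, 2, 1) == "M" || substr(flags, 6, 1) == "U" || substr(flags, 7, 1) == "G")

        if (attr == "c") {
            # Edited config files are routine; list them for manual review only.
            if (digest) print "CONFIG " path
        } else if (digest) {
            # Packaged file whose contents differ from the RPM database.
            print "CONTENT " path
        } else if (perms) {
            print "PERMS " path
        }
    }'
}

# Constructed sample, not output from the server discussed in this thread.
sample_rpm_verify_output() {
    cat <<'EOF'
S.5....T c /etc/ssh/sshd_config
S.5....T   /usr/sbin/sshd
.M....G.   /usr/libexec/openssh/sftp-server
.......T d /usr/share/man/man5/sshd_config.5.gz
missing  c /etc/pam.d/sshd
EOF
}

sample_rpm_verify_output | flag_rpm_verify
```

On a live system the input would come from `rpm -V openssh-server | flag_rpm_verify`. If the host may already be compromised, the rpm binary and its database can be altered as well, so a clean result carries more weight when rpm is run from trusted media.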


Re: [CentOS] [OT] rsa host key change

2009-04-16 Thread Bill Campbell
On Thu, Apr 16, 2009, Ed Donahue wrote:
>Anyone ever come across a linux server host key changing without a
>reboot, sshd restart, change in negotiating (SSHv1, SSHv2), and
>different DNS name or IP address?

That would make me very suspicious that the box had been cracked,
and that a foreign sshd had been substituted for the real one.

rpm -V is your friend.

Bill
-- 
INTERNET:   b...@celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186  Skype: jwccsllc (206) 855-5792

DOS: n., A small annoying boot virus that causes random spontaneous system
 crashes, usually just before saving a massive project.  Easily cured by
 UNIX.  See also MS-DOS, IBM-DOS, DR-DOS.


[CentOS] [OT] rsa host key change

2009-04-16 Thread Ed Donahue
Anyone ever come across a linux server host key changing without a
reboot, sshd restart, change in negotiating (SSHv1, SSHv2), and
different DNS name or IP address?

I have a server on RHEL4.4 that changed its host key.
Red Hat Enterprise Linux ES release 4 (Nahant Update 4)

openssh-server-3.9p1-8.RHEL4.15
2.6.9-42.ELsmp

uptime 944 days

Started getting the eavesdropping message from a login that is
supposed to log in w/o a password.
And always did before today.