On Sun, Feb 19, 2012 at 10:01 AM, Rich Shepard rshep...@appl-ecosys.com wrote:
On Sun, 19 Feb 2012, Denis Heidtmann wrote:
Does this imply that the login attempt message I received was of a
different sort of attack?
Denis,
_I_ don't think so. What's most important is that every attempt
*cough cough*
http://perimetergrid.com/wp/2008/05/17/ubuntudebian-crng-cracked-ssh-vulnerable/
Missed that one. Seems to be limited to Debian's RNG, and affects
only the key generation process, not the protocol itself.
quite correct. point being, even SSH keys aren't
Jim == Jim Garrison j...@jhmg.net writes:
Jim I've been runnin SSH on several Internet-facing servers, and
Jim used to get hundreds, if not thousands, of these messages in
Jim the logs. I finally got tired of this and moved my SSH server
Jim to a different port (such as 12345 -- not what I use
On 3/2/2012 1:45 PM, Randal L. Schwartz wrote:
Jim == Jim Garrison j...@jhmg.net writes:
Jim I've been runnin SSH on several Internet-facing servers, and
Jim used to get hundreds, if not thousands, of these messages in
Jim the logs. I finally got tired of this and moved my SSH server
Jim
I've never heard of a single breakin occurring with private-key auth
that was due to true SSH protocol or encryption weakness. Failures
in the human side of the process, however, have been known to happen.
*cough cough*
On 3/2/2012 7:48 PM, wes wrote:
I've never heard of a single breakin occurring with private-key auth
that was due to true SSH protocol or encryption weakness. Failures
in the human side of the process, however, have been known to happen.
*cough cough*
I think the core of my question is what is the likely result of my
saying YES to the login request? I appreciate the advice on keeping
the machine secure and keeping the bad guys out, but right now my
concern is that a bad guy has already gotten in. If not, then I can
see about keeping
I did something stupid. Yesterday (Saturday) evening a window popped
up saying someone wanted to log in. I permitted it thinking it was my
son. Within two minutes I found out that it was not he, so I shut
down.
This morning I perused the logs (network off). I found that on Friday
the auth.log
On Sun, 19 Feb 2012, Denis Heidtmann wrote:
I found that on Friday the auth.log shows many (over 300) messages such
as:
23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN
ATTEMPT!
Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 23.19.81.173
Feb 17 16:56:16
Rich Shepard wrote:
On Sun, 19 Feb 2012, Denis Heidtmann wrote:
I found that on Friday the auth.log shows many (over 300) messages such
as:
23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN
ATTEMPT!
Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from
On Sun, Feb 19, 2012 at 9:30 AM, Rich Shepard rshep...@appl-ecosys.com wrote:
On Sun, 19 Feb 2012, Denis Heidtmann wrote:
I found that on Friday the auth.log shows many (over 300) messages such
as:
23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN
ATTEMPT!
Feb 17
On Sun, 19 Feb 2012, Denis Heidtmann wrote:
Does this imply that the login attempt message I received was of a
different sort of attack?
Denis,
_I_ don't think so. What's most important is that every attempt to crack
into your system/network via ssh fails. We can no more eliminate these
I've been runnin SSH on several Internet-facing servers, and
used to get hundreds, if not thousands, of these messages in
the logs. I finally got tired of this and moved my SSH server
to a different port (such as 12345 -- not what I use :-), and
now NEVER get these.
For added security, I long
On Sun, Feb 19, 2012 at 09:17:01AM -0800, Denis Heidtmann wrote:
I did something stupid. Yesterday (Saturday) evening a window popped
up saying someone wanted to log in. I permitted it thinking it was my
son. Within two minutes I found out that it was not he, so I shut
down.
This morning
I think the core of my question is what is the likely result of my
saying YES to the login request? I appreciate the advice on keeping
the machine secure and keeping the bad guys out, but right now my
concern is that a bad guy has already gotten in. If not, then I can
see about keeping them out.
On Sun, 19 Feb 2012, Denis Heidtmann wrote:
I think the core of my question is what is the likely result of my saying
YES to the login request?
I would not. Set up the host to accept logins only from authorized users
(e.g., your son and yourself). Using ssh from the remote host enter
On Sun, Feb 19, 2012 at 11:36:38AM -0800, Denis Heidtmann wrote:
I think the core of my question is what is the likely result of my
saying YES to the login request?
Use `last | less` and see who actually logged in when you did the approval,
then see what they did while logged on.
For
On Sun, Feb 19, 2012 at 1:35 PM, Michael Rasmussen mich...@jamhome.us wrote:
On Sun, Feb 19, 2012 at 11:36:38AM -0800, Denis Heidtmann wrote:
I think the core of my question is what is the likely result of my
saying YES to the login request?
Use `last | less` and see who actually logged in
18 matches
Mail list logo