Have I been hacked? - SSH


  1. Have I been hacked?

    I was using RSA keys authentication and it was working fine. I just
    noticed someone logged onto my computer other than me. I checked, and
    it seems like sshd is now not checking the keys. I have not changed my
    sshd_config in some time. Is there something that stops it from
    working lately?

    Thanks.. (I am running OS X 10.4)


    # Authentication:

    #LoginGraceTime 120
    PermitRootLogin no
    #StrictModes yes

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys

    # rhosts authentication should not be used
    #RhostsAuthentication no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes


  2. Re: Have I been hacked?

    hkg166@gmail.com wrote:
    > I was using RSA keys authentication and it was working fine. I just
    > noticed someone logged onto my computer other than me. I checked, and
    > it seems like sshd is now not checking the keys. I have not changed my
    > sshd_config in some time. Is there something that stops it from
    > working lately?
    >
    > Thanks.. (I am running OS X 10.4)
    >
    >
    > # Authentication:
    >
    > #LoginGraceTime 120
    > PermitRootLogin no
    > #StrictModes yes
    >
    > RSAAuthentication yes
    > PubkeyAuthentication yes
    > AuthorizedKeysFile .ssh/authorized_keys
    >
    > # rhosts authentication should not be used
    > #RhostsAuthentication no
    > # Don't read the user's ~/.rhosts and ~/.shosts files
    > #IgnoreRhosts yes
    >


    If, by "not checking the keys", you mean sshd is allowing users to
    authenticate with passwords, you need to check the
    PasswordAuthentication option in sshd_config.

    If you mean that users can authenticate with a bogus RSA key, you have a
    real problem.
    --
    Steve

  3. Re: Have I been hacked?

    On 2007-08-06, hkg166@gmail.com wrote:
    > I was using RSA keys authentication and it was working fine. I just
    > noticed someone logged onto my computer other than me.


    If you're the only person who is authorised to be logged on, then yes.

    --
    Russell Wood


  4. Re: Have I been hacked?

    X-No-Archive: Yes

    It should be checking the keys, but make sure that password
    authentication is turned off.
    Which version of SSH are you using?
    Make sure you are only using SSH2 for maximum security.
    "RSAAuthentication yes" only applies to SSH1.

    From OpenSSH (sshd_config):

    http://www.openbsd.org/cgi-bin/man.c...ry=sshd_config
    RSAAuthentication: Specifies whether pure RSA authentication is
    allowed. The default is ``yes''. This option applies to protocol
    version 1 only.
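
Added example (not part of any post in this thread): a small Python audit of the sshd_config options the replies point at, run over the excerpt from the first post. The function names and finding codes are hypothetical, and the defaults it falls back on (PasswordAuthentication and PubkeyAuthentication both "yes" when unset) are assumptions taken from OpenSSH's documented behaviour.

```python
# Added example, not from the thread. Keyword handling follows OpenSSH rules:
# names are case-insensitive and the first value seen for a keyword is used.
SAMPLE = """\
# Authentication:
#LoginGraceTime 120
PermitRootLogin no
#StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
"""  # active and commented lines as posted in the first message

def effective_settings(text):
    """Return {lowercased keyword: value} for the global section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out option leaves the built-in default active
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # per-user/per-host overrides are out of scope here
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return (code, message) findings for the options raised in the thread."""
    s = effective_settings(text)
    findings = []
    # Assumption: PasswordAuthentication defaults to "yes" when not set.
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append(("PASSWORD_AUTH_ON", "passwords are accepted as well as keys"))
    protocol = s.get("protocol")
    if protocol is None:
        findings.append(("PROTOCOL_UNSET", "version default applies; confirm it excludes 1"))
    elif "1" in [p.strip() for p in protocol.split(",")]:
        findings.append(("PROTOCOL_1_ENABLED", "SSH1 is still offered"))
    if "rsaauthentication" in s:
        findings.append(("RSAAUTH_IS_SSH1_ONLY", "has no effect on protocol 2 key checks"))
    if s.get("pubkeyauthentication", "yes").lower() == "no":
        findings.append(("PUBKEY_AUTH_OFF", "protocol 2 key login is disabled"))
    return findings

if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(f"{code}: {message}")
```

For the posted excerpt this reports that password logins are still accepted, because the file never sets PasswordAuthentication.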

