[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] ssh editing knownhosts

To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] ssh editing knownhosts
From: Simon Waters <simon@xxxxxxxxxxxxxx>
Date: Tue, 10 Aug 2010 22:30:17 +0100
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Openpgp: id=8F455606

On 10/08/10 19:21, Gordon Henderson wrote:
> 
> 's what I do when a site has changed - although I tend to simply delete
> the known_hosts file from time to time...

What is the advantage in this?

> I discovered a clients server with a hacked version of sshd installed
> recently... Still no idea how they got in or got root privs. to make the
> changes. Very frustrating.

Hmm, curious I wonder why "sshd", I can understand hacking the "ssh"
client, since then one can harvest passwords and passphrases.

But I'd have thought sshd had few advantages, maybe they were adding a
backdoor, or to configure keylogger when a shell is spawned. Did you
identify the malware?

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] ssh editing knownhosts
- From: Gordon Henderson

References:
- [LUG] ssh editing knownhosts
  - From: tom
- Re: [LUG] ssh editing knownhosts
  - From: Simon Waters
- Re: [LUG] ssh editing knownhosts
  - From: Gordon Henderson

Prev by Date: Re: [LUG] Drupal for DCGLUG site
Next by Date: [LUG] Disaster Awaits
Previous by thread: Re: [LUG] ssh editing knownhosts
Next by thread: Re: [LUG] ssh editing knownhosts
Index(es):
- Date
- Thread