FC4 and ssh passphrases not working
T. Horsnell
tsh at mrc-lmb.cam.ac.uk
Sat Aug 19 11:04:40 UTC 2006
[Charset iso-8859-1 unsupported, filtering to ASCII...]
>
>>
>> It appears to have been a hack. rpm -V openssh-server showed that
>> sshd has been modified.
>>
>> I'll be damned if I know how they got in. I drop ssh packets after 3 attempts
>> in one minute in iptables. I review logs every morning.
>>
>> I deleted all ssh packages from one of the minor servers and reinstalled them
>> and everything worked ok ppublickeys etc. I know that's not the solution.
>>
>> Looks like I have several reinstalls to do. Unless someone has a better idea?
>>
>> Thanks for everyone's help.
>>
>> Mike
>>
>
>Can someone give me an example of how to quickly and easily deny ssh access
>from one network interface but allow it from another. For example, disallow
>from the internet but allow from an internal net?
Assuming your iptables is running on the host itself, and not on a border
firewall, and that eth1 is the internet, then something like:
iptables -A INPUT -i eth1 -p udp -dport 22 -j DROP (can ssh make udp connections?)
iptables -A INPUT -i eth1 -p tcp -dport 22 -j DROP
near the top of your ruleset (before any -j ACCEPT)
should do it.
If you ever discover how this happened, I for one would
be *very* interested to know.
Good luck,
Terry
>
>TIA,
>
>Mike
>
>
>--
>fedora-list mailing list
>fedora-list at redhat.com
>To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
More information about the fedora-list
mailing list