help

mark m.roth at 5-cent.us
Thu Jan 28 12:50:53 UTC 2010


Joy Methew wrote:
> Hello all,
> I am using RHEL5.3 as my mail server with a real IP. I
> configure my system mostly remotely. The last login time of my system was 27 Jan
> from this IP 118.129.153.43.
> Then I tried to log in on 28 Jan in the morning, and I couldn't get authentication as
> root with my last password.
> Then I rebooted the system and reset my password.
> I logged in as root, then I ran the "last" command. I am sending the first 10 lines
> of the last command... I think someone hacked my system. I am sending the history
> command output.
> Now I have removed the .ssh directory and /var/tmp/*
> 
> Please suggest what this is?
<snip>

Copy your /root/.ssh/authorized_keys to a backup name, and edit the existing 
one to remove the last one or two, but REMOVE THE KEY YOU SEE IN THERE THAT 
MATCHES THE ONE IN THE ECHO COMMAND. Otherwise, your attacker will just get in 
*without* a password, just an exchange of public and private keys via ssh.

	mark
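
One way to carry out the cleanup described in the reply above, as an added example that is not part of the original post: a POSIX shell function that keeps a backup copy of the file and removes only the entries whose key blob equals the one given. The function name, the `--demo` switch and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: back up an authorized_keys file, then drop every entry whose
# base64 key blob equals the one seen in the echo command from the history.
# Usage: remove_authorized_key FILE KEYBLOB   (prints the number of entries removed)
remove_authorized_key() {
    file=$1 blob=$2
    [ -f "$file" ] && [ -n "$blob" ] || return 2
    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$file" "$backup" || return 1           # keep the original as evidence
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Compare whole whitespace-separated fields: an entry with a leading
    # options field (from="...", command="...") is still matched, and a key
    # that merely starts with the same characters is left alone.
    removed=$(awk -v blob="$blob" -v out="$tmp" '
        { hit = 0; for (i = 1; i <= NF; i++) if ($i == blob) hit = 1 }
        hit { n++; next }
        { print > out }
        END { print n + 0 }
    ' "$file") || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"                          # rewrite in place: owner and mode stay
    rm -f "$tmp"
    echo "$removed"
}

# Demo on a constructed file in a temp directory; the blobs are placeholders,
# not real keys, and nothing under /root is touched.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/authorized_keys" <<'EOF'
ssh-rsa AAAAexampleADMIN admin@workstation
ssh-rsa AAAAexampleROGUE
from="*" ssh-rsa AAAAexampleROGUE again
ssh-rsa AAAAexampleROGUEextra not-the-same-key
EOF
    remove_authorized_key "$dir/authorized_keys" AAAAexampleROGUE
    cat "$dir/authorized_keys"
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Comparing the backup with the rewritten file using `diff` shows exactly which entries were dropped.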




More information about the redhat-list mailing list