possible hacking?
Grant M.
gmongardi at napc.com
Wed Jan 25 11:02:58 EST 2006
Kent Borg wrote:
> At a former job we had an unmaintained Linux machine with ssh on a
> high port, and it got cracked.
>
> On my basement server I have ssh on the regular port, but I use strong
> passwords.
We had an issue where we were compromised because of a keylogger on a
customer's server (we ssh'd into one of our servers from the client
machine as root, and the password was logged). This is why you should
always turn of any access from outside the firewall by anyone but root,
and never even su to root. sudo should always be just enough to get done
what you need to get done. We had a strong password, but that is no help
if someone can record what you're typing. We have not had an incident
since we turned off root access from outside.
I learned my lesson.
Grant M.
--
Grant Mongardi
Systems Engineer
NAPC
gmongardi at napc.com
http://www.napc.com/
781.894.3114 phone
781.894.3997 fax
NAPC | technology matters
More information about the Discuss
mailing list