Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH authentication

 On Thu, 3 Jan 2008 19:18:30 -0500 
Derek Martin <[hidden email]> wrote: 

> On Tue, Jan 01, 2008 at 08:10:16AM -0500, Jerry Feldman wrote: 
> > I checked the system sshd_config and they did not change. I also 
> > created debug logs (using -vvv).   
> This only shows the client side... the server side is generally the 
> most helpful, as I mentioned in my previous post.  You need to run 
> sshd with the -d option to put it in debug mode.  This will almost 
> certainly reveal what the problem is... 
> My second guess would be that the permissions of your home directory 
> itself have been changed to allow group or other to write there.  This 
> would allow someone to remove your .ssh directory and replace it with 
> a new copy with whatever authorized_keys file the attacker wants, so 
> by default it's not allowed.  You mentioned .ssh and authorized_keys 
> are secured, but didn't mention about your home directory. 

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /