[CentOS] sshd hack

Sat Mar 11 16:27:53 UTC 2006
Jeff Kinz <jkinz at kinz.org>

On Sat, Mar 11, 2006 at 10:20:16AM -0500, David Johnston wrote:
> I dealt with these attacks by only allowing PubkeyAuthentication.
> 
>  # Authentication types
> PubkeyAuthentication yes
> AuthorizedKeysFile      .ssh/authorized_keys
> PasswordAuthentication no
> ChallengeResponseAuthentication no
> 
> This requires you to put your public key in .ssh/authorized_keys on
> remote servers.  Make sure it's working before you set
> "PasswordAuthentication no" or you will lock yourself out.

David, I really like the idea of using keys since I believe they are more
resistant to being cracked, but I have one question:

If your ssh keys are in a file on a remote server, does that mean anyone
who has root on that system can use them to gain access to ssh into your home
system?

-- 
Jeff Kinz, Emergent Research, Hudson, MA.
speech recognition software may have been used to create this e-mail

Rumsfeld tells Bush, "3 Brazilian soldiers were killed in Iraq today."
  "Oh my Lord," says Bush. He sits with his head in his hands
for a long minute and then looks up and asks: "How many is a brazillion?"

	            ba-da bing! 
   (Thank you, I'll be here all week, try the veal :-)
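
An added example, not part of the original thread: a check to run before setting "PasswordAuthentication no", as the quoted advice recommends. It reads the global part of an sshd_config (first value per keyword wins) and confirms authorized_keys holds at least one well-formed public key. The function names, the assumed defaults in POLICY and the sample key are constructed for illustration; Match blocks and Include files are not followed.

```python
import base64

# keyword: (assumed OpenSSH default of that era, wanted value, finding if not)
POLICY = {
    "pubkeyauthentication": ("yes", "yes", "public key logins are disabled"),
    "passwordauthentication": ("yes", "no", "password logins still accepted"),
    "challengeresponseauthentication": ("yes", "no", "challenge-response logins still accepted"),
}

def effective_settings(config_text):
    """Global sshd_config values; sshd keeps the first value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":      # conditional blocks are not evaluated here
            break
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().lower())
    return {**{k: v[0] for k, v in POLICY.items()}, **seen}

def usable_keys(authorized_keys_text):
    """Count lines holding a key type plus a base64 blob that names that type."""
    count = 0
    for line in authorized_keys_text.splitlines():
        fields = [] if line.lstrip().startswith("#") else line.split()
        for i, ktype in enumerate(fields[:-1]):  # options may precede the type
            if ktype.startswith(("ssh-", "ecdsa-")):
                try:
                    blob = base64.b64decode(fields[i + 1], validate=True)
                except ValueError:
                    break
                # The blob opens with a 4-byte length, then the type name.
                count += blob[4:4 + len(ktype)] == ktype.encode()
                break
    return count

def audit(config_text, authorized_keys_text):
    """Return the reasons this host is not yet safely public-key-only."""
    s = effective_settings(config_text)
    findings = [msg for key, (_, want, msg) in POLICY.items() if s[key] != want]
    if usable_keys(authorized_keys_text) == 0:
        findings.append("no usable public key: disabling passwords locks you out")
    return findings

# Constructed sample input: the directives quoted above and a dummy all-zero key.
SAMPLE_CONFIG = "PubkeyAuthentication yes\nPasswordAuthentication no\nChallengeResponseAuthentication no\n"
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(32)).decode() + " user@example"
```

An empty list from audit() means the configuration is public-key-only and a key is in place; the file holds public keys only, so the check never touches private key material.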