SSH issues...

Thomas Mondoshawan Tate plug-discuss@lists.PLUG.phoenix.az.us
Tue, 4 Dec 2001 21:03:07 -0700


--LQksG6bCIzRHxTLp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Dec 04, 2001 at 08:39:22PM -0700, KevinO wrote:
> What are the contents of :
>=20
> $HOME/.ssh/config

Nonexistant.

> /etc/ssh/ssh_config

Defaults that come with the OpenSSH source.

> Thomas Mondoshawan Tate wrote:
> >=20
> > On Tue, Dec 04, 2001 at 06:43:24PM -0800, Lowell Hamilton wrote:
> > > That has the signature of an exploited machine.  I have seen several =
of
> > > these with the same issues.  When people exploit the CRC-32 ssh hole,
> > > the rootkits disable ssh to keep others from using the same exploit,
> > > and it has the affect of locking legit users out as well.  I'm not
> > > saying it's guaranteed to be it, but it is possible.  If you used any
> > > redhat distribution or several others they come default with an old
> > > (pre v2.9) OpenSSH which is vulnerable.
> > >
> > > Lowell
> >=20
> > I built this machine from the ground up from source copies of the latest
> > distributions of each package. I'm running OpenSSH_3.0p1, with protocols
> > 1.5/2.0. The system was just recently installed to the outside world a =
few
> > seconds ago, so it's not possible for it to be rooted this early. =3Dop
> >=20
> > --
> > Thomas "Mondoshawan" Tate
> > phoenix@psy.ed.asu.edu
> > http://tank.dyndns.org
> >=20
> >   ---------------------------------------------------------------------=
---
> >    Part 1.2Type: application/pgp-signature
>=20
> --=20
> Kevin O'Connor
> =20
>  "People will be free to devote themselves to activities that are fun
> ...=20
> =20
> The GNU Manifesto - Copyright (C) 1985, 1993 Free Software Foundation,
> Inc.
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't p=
ost to the list quickly and you use Netscape to write mail.
>=20
> PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--=20
Thomas "Mondoshawan" Tate
phoenix@psy.ed.asu.edu
http://tank.dyndns.org

--LQksG6bCIzRHxTLp
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8DZx7Yp5mUsPGjjwRAvI4AJ4qKEPfUHHF7VY/AAclwIUtAQILigCaA9IN
Q9prRce+kDP+HjBaLgd2WNw=
=w7ZF
-----END PGP SIGNATURE-----

--LQksG6bCIzRHxTLp--