Have I been hacked?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I was using RSA keys authentication and it was working fine. I just
noticed someone logged onto my computer other than me. I checked, and
it seems like sshd is now not checking the keys. I have not changed my
sshd_config in some time. Is there something that stops it from
working lately?

Thanks.. (I am running OS X 10.4)

# Authentication:

#LoginGraceTime 120
PermitRootLogin no
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

Re: Have I been hacked?

hkg166@gmail.com wrote:
Quoted text here. Click to load it

If, by "not checking the keys", you mean sshd is allowing users to
authenticate with passwords, you need to check the
PasswordAuthentication option in sshd_config.

If you mean that users can authenticate with a bogus RSA key, you have a
real problem.

Re: Have I been hacked?

Quoted text here. Click to load it

If you're the only person who is authorised to be logged on, then yes.

Russell Wood

Re: Have I been hacked?

X-No-Archive: Yes

It should be checking the keys but make sure that password
authentication is turned off.
Which version of SSH are you using?
Make sure you are only using SSH2 for maximum security
"RSAAuthentication yes" only applies to SSH1

Quoted text here. Click to load it
RSAAuthentication: Specifies whether pure RSA authentication is
allowed.  The default is ``yes''. This option applies to protocol
version 1 only.

Site Timeline