ssh2

Bill Davidsen davidsen at tmr.com
Tue Sep 16 20:26:38 UTC 2008


roland wrote:
> On Tue, 16 Sep 2008 18:11:05 +0200, Aldo Foot <lunixer at gmail.com> wrote:
> 
>> On Tue, Sep 16, 2008 at 2:30 AM, roland <roland at cat.be> wrote:
>>> Hello
>>>
>>> I am using a terminal emulator Anita to log in to a server, which validates the
>>> ssh connection with 3DES Cipher.
>>>
Do we assume that you tested this and it worked before you left town?

>>> Now this server is hacked, somebody entered with the root user.
>>> Suddenly I have ssh2
>>>
How do you know the server is hacked? Is there evidence of that, or are you 
assuming that if you can't connect it must be hacked?

>>> So now I get the following message, when trying to login:
>>> dsa_verify failed for server_host_key
>>>
My first thought would be that you are connected to the wrong server. Could the 
client have done admin on the server, or the network? Changed the IP address and 
you are using the old address instead of DNS? My first thought is that you have 
the wrong server or the keys were updated, or (less likely) that there is a man 
in the middle.

>>> I see the directory .ssh2 in the /root directory, but not in any 
>>> $HOME dir
>>>
>>> How can I stop ssh2 verifying?
>>>
This is unclear, if you can get in, why would you stop verifying? I would be 
finding out why the key changed. I assume you haven't been using the obsolete 
ssh1 protocol...

>>> Or is there something else I can do?
>>
Describing the problem more fully would help, things like can you get into the 
machine, and if not how you see the .ssh2 directory. I don't recall seeing that 
on any version I've used. What version of Fedora are you running on the server?

>> I'd be backing up my data by now and getting ready to reinstall the 
>> system.
>>
I would have current backups, but agree, if the machine really has been hacked 
it's time to start clean.

> My dear friend af,
> 
> Of course you are right, I would do the same, but I am on holiday and 
> this happens to a client. So I am looking for a solution for 10 days to 
> get ssh working and ssh2 out, or something else.

You mean you left the client without local backup support and you aren't going 
to return immediately? Hopefully I misunderstand that.

> 
> I am blocking as much as I can out of Greece, but I have no intention to 
> fly back home.
> 
> So please give me other advice, because nobody seems to know how to 
> stop ssh2.
> 
> Thanks for understanding
> 
> Roland
> 


-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
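
Added example, not part of the original message: a small Python check of an offered host key against the entries pinned in known_hosts, reporting whether the mismatch is on the host name, the address, or both, which is the evidence behind the "wrong server, keys updated, or man in the middle" question above. The host names, addresses and key blobs are constructed placeholders, and the fingerprint format is the SHA256 form that current OpenSSH prints.

```python
import base64
import hashlib

# Constructed sample data: placeholder bytes, not real host keys.
KEY_PINNED = base64.b64encode(b"constructed-pinned-host-key").decode()
KEY_OTHER = base64.b64encode(b"constructed-other-host-key").decode()
KNOWN_HOSTS = f"""\
# constructed known_hosts content with unhashed entries
server.example.com,192.0.2.10 ssh-dss {KEY_PINNED}
192.0.2.20 ssh-dss {KEY_OTHER}
"""

def fingerprint(key_b64):
    """SHA256 fingerprint in the form current OpenSSH prints it."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    """Map each host name or address to {key type: base64 key}."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @markers and hashed (|1|...) entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for host in fields[0].split(","):
            pinned.setdefault(host, {})[fields[1]] = fields[2]
    return pinned

def compare(pinned, name, addr, keytype, offered):
    """Report which pinned identifiers disagree with the offered key."""
    result = {"fingerprint": fingerprint(offered), "mismatch": [], "unpinned": []}
    for ident in (name, addr):
        stored = pinned.get(ident, {}).get(keytype)
        if stored is None:
            result["unpinned"].append(ident)
        elif stored != offered:
            result["mismatch"].append(ident)
    return result

if __name__ == "__main__":
    pins = parse_known_hosts(KNOWN_HOSTS)
    # Name and address both pinned, key differs: same endpoint, new key.
    print(compare(pins, "server.example.com", "192.0.2.10", "ssh-dss", KEY_OTHER))
    # Name now reaches an address pinned to that other key: a different machine.
    print(compare(pins, "server.example.com", "192.0.2.20", "ssh-dss", KEY_OTHER))
```

A mismatch on both name and address means the same endpoint now presents a new key, so the fingerprint has to be confirmed out of band before trusting it; a mismatch on the name alone, with the address matching its own pin, points to the name or route leading to a different, already known machine.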
