roland wrote:
On Tue, 16 Sep 2008 18:11:05 +0200, Aldo Foot <lunixer gmail com> wrote:On Tue, Sep 16, 2008 at 2:30 AM, roland <roland cat be> wrote:HelloI am using a terminalemulator Anita to login to a server, who validates thessh connection with 3DES Cipher.
Do we assume that you tested this and it worked before you left town?
How do you know the server is hacked? Is there evidence of that, or are you assuming that if you can't connect it must be hacked?Now this server is hacked, somebody entered with the root user. Suddenly I have ssh2
My first thought would be that you are connected to the wrong server. Could the client have done admin on the server, or the network? Changed the IP address and you are using the old address instead of DNS? My first thought is that you have the wrong server or the keys were updated, or (less likely) that there is a man in the middle.So now I get the following message, when trying to login: dsa_verify failed for server_host_key
This is unclear, if you can get in, why would you stop verifying? I would be finding out why the key changed. I assume you haven't been using the obsolete ssh1 protocol...I see the directory .ssh2 in the /root directory, but not in any $HOME dirHow can I stop ssh2 verifying?
Describing the problem more fully would help, things like can you get into the machine, and if not how you see the .ssh2 directory. I don't recall seeing that on any version I've used. What version of Fedora are you running on the server?Or is there something else I can do?
I would have current backups, but agree, if the machine really has been hacked it's time to start clean.I'd be backing up my data by now and getting ready to reinstall the system.
My dear friend af,Of course you are right, I would do the same, but I am on holiday and this happens to a client. So I am looking for a solution for 10 days to get ssh working and ssh2 out, or something els.
You mean you left the client without a local backup support and you aren't going to return immediately? Hopefully I misunderstand that.
I am blocking as much as I can out of Greece, but I have no intention to fly back home.So please give me another advice, because nobody seems to know how to stop ssh2.Thanks for understanding Roland
-- Bill Davidsen <davidsen tmr com> "We have more to fear from the bungling of the incompetent than from the machinations of the wicked." - from Slashdot