Date: Wed, 19 Jan 2000 15:43:48 +0100 From: Stephan van Beerschoten <stephanb@luna.nl> To: Marc Silver <marcs@is.co.za> Cc: Stephan van Beerschoten <stephanb@luna.nl>, freebsd-security@FreeBSD.ORG Subject: Re: ssh-feature 'backdoor' Message-ID: <20000119154348.A6412@supra.rotterdam.luna.net> In-Reply-To: <20000119155203.C8404@is.co.za>; from Marc Silver on Wed, Jan 19, 2000 at 03:52:03PM %2B0200 References: <20000119134325.J2167@supra.rotterdam.luna.net> <20000119155203.C8404@is.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 19, 2000 at 03:52:03PM +0200, Marc Silver wrote: > That should never happen if this line is in your sshd_config file: > > PermitRootLogin no Well, sure this line was there, but one of the kids who hacked it must have altered this default behaviour and placed the auth-file. It was just to bring the auth-file thing to everyone's attention, because its not just the root account which can be abused like this.. if a possible hacker placed an authorised_keys file (with his key) in any user's homedir, this account is permanently open for the hacker to logon to. Just a note. -Steve -- Stephan van Beerschoten Email: stephanb@luna.nl Network Engineer Luna Internet Services PGP fingerprint 4557 9761 B212 FB4C 778D 3529 C42A 2D27 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000119154348.A6412>