From owner-freebsd-security Wed Jan 19 6:44:13 2000 Delivered-To: freebsd-security@freebsd.org Received: from supra.rotterdam.luna.net (supra.rotterdam.luna.net [194.151.24.24]) by hub.freebsd.org (Postfix) with ESMTP id 4030F15206 for ; Wed, 19 Jan 2000 06:44:05 -0800 (PST) (envelope-from stephanb@luna.nl) Received: (from stephanb@localhost) by supra.rotterdam.luna.net (•8.8.8/tcpwrp+ismx/8.8.8/chk+tcpwrpr) id PAA06429; Wed, 19 Jan 2000 15:43:49 +0100 (CET) Date: Wed, 19 Jan 2000 15:43:48 +0100 From: Stephan van Beerschoten To: Marc Silver Cc: Stephan van Beerschoten , freebsd-security@FreeBSD.ORG Subject: Re: ssh-feature 'backdoor' Message-ID: <20000119154348.A6412@supra.rotterdam.luna.net> References: <20000119134325.J2167@supra.rotterdam.luna.net> <20000119155203.C8404@is.co.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i In-Reply-To: <20000119155203.C8404@is.co.za>; from Marc Silver on Wed, Jan 19, 2000 at 03:52:03PM +0200 Organization: Luna Internet Services http://www.luna.nl Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Jan 19, 2000 at 03:52:03PM +0200, Marc Silver wrote: > That should never happen if this line is in your sshd_config file: > > PermitRootLogin no Well, sure this line was there, but one of the kids who hacked it must have altered this default behaviour and placed the auth-file. It was just to bring the auth-file thing to everyone's attention, because its not just the root account which can be abused like this.. if a possible hacker placed an authorised_keys file (with his key) in any user's homedir, this account is permanently open for the hacker to logon to. Just a note. -Steve -- Stephan van Beerschoten Email: stephanb@luna.nl Network Engineer Luna Internet Services PGP fingerprint 4557 9761 B212 FB4C 778D 3529 C42A 2D27 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message