Quoting Greg Farrell (greg at gregfarrell.org):
> just in case any of you are running debian stable, a box in work
> and my own box in america, both running fully updated debian stable have
> been cracked. Seems by an automated tool/worm.
But that's a surmise, right? No direct evidence of the path of
break-in?
In many cases, people's machines get rooted because someone's SSH
authentication tokens were stolen on a different system, the way VA^w
some company in California got its entire corporate network compromised
because some nitwit sysadmin SSHed out into the then-compromised
shells.sourceforge.net host _and_ SSHed back in.
Alternatively, if your system allows users to use weak SSH passwords or
leave them unchanged for long periods of time (and have guessable login
names), your system may eventually succumb to dictionary attacks on its
SSH port. (Many paranoics allow only SSH keypair authentication, rather
than regular passwords.)
--
Virtual Regards,
Rick Moen
Sysimperator, dominus regis deusque machinarum.
rick at linuxmafia.com
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
