[clug] Cracked?
Chris Smart
mail at christophersmart.com
Tue Jun 9 04:57:32 GMT 2009
Something weird happened today and so I'm asking you all for advice.
I had an SSH connection open to home, forwarding ports. It was working
well until it suddenly disconnected. Trying to SSH back in failed,
presenting the following error:
"ssh_exchange_identification failed. Connection closed by remote host."
or words to that effect.
I rebooted the machine and then sshing back in presented a new set of
keys. Hmm..
The datestamps on the keys were old. Could have been 'touched' I
guess, I'm not sure.
I can't seem to find anything nasty in the logs, or in history, etc.
rkhunter only warned about "unhide" and "unhide-linux26", but I think
this will be because of Debian's alternatives linking.
It's an up-to-date Lenny box.
Perhaps the keys became corrupt somehow midstream, which killed the
SSH session. But I'm not even sure if this makes sense :-)
Am I just being paranoid? Any suggestions welcome.
Thanks!
-c
More information about the linux
mailing list