[clug] Cracked?

Robert Edwards bob at cs.anu.edu.au
Wed Jun 10 00:04:14 GMT 2009


Chris Smart wrote:
> Something weird happened today and so I'm asking you all for advice.
> 
> I had an SSH connection open to home, forwarding ports. It was working
> well until it suddenly disconnected. Trying to SSH back in failed,
> presenting the following error:
> "ssh_exchange_identification failed. Connection closed by remote host."
> or words to that effect.
> 
> I rebooted the machine and then sshing back in presented a new set of
> keys. Hmm..
> The datestamps on the keys were old. Could have been 'touched' I
> guess, I'm not sure.
> 
> I can't seem to find anything nasty in the logs, or in history, etc.
> rkhunter only warned about "unhide" and "unhide-linux26", but I think
> this will be because of Debian's alternatives linking.
> 
> It's an up-to-date Lenny box.
> 
> Perhaps the keys became corrupt somehow midstream, which killed the
> SSH session. But I'm not even sure if this makes sense :-)
> 
> Am I just being paranoid? Any suggestions welcome.
> Thanks!
> -c

Are you sure that it isn't just that you apt-get installed the SSL
blacklist at some time in the past and now the previously broken keys
have been replaced by better ones?

(doesn't sound likely, but I thought I'd raise the possibility)

Bob Edwards.


More information about the linux mailing list