
Re: SSH and RSA



Stephen Andrew <Andrew.Stephen@nzpost.co.nz> writes:

> > Mike Dresser wrote:
> > 
> > > You don't mention whether the previous admin is still with 
> > you, but if not, you'll want to remove his RSA keys from the 
> > server, or else you can change your root password all you want,
> > and he'll still be able to connect, assuming he can get to the
> > machine via your network/internet.
> 
> Mike has an exceptionally pertinent point here.
> 
> Right now - even before you start trying to load your own RSA key
> in, log into all machines running SSH and remove the previous admin's
> key from ~root/.ssh/authorized_keys;

Be paranoid.  Remove the ~root/.ssh/authorized_keys from all boxen
(you might want to move it out of the way till you're set up though)
and start from scratch.  As the admin you want to know who can get in
as root on your machines.  Besides script kiddies of course :-)

There was a good mini HOWTO kind of posting on debian-user a while
back that got me started without much trouble.  The original is at:

  http://home.netcom.com/~kmself/Linux/FAQs/sshrsakey.html

Hope this helps,
-- 
Olaf Meeuwissen       Epson Kowa Corporation, Research and Development
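
An added example (not part of the original message): a Python sketch of the inventory-then-move-aside step discussed in this thread, listing every key that can log in before the file is disabled. It assumes OpenSSH-format public key lines; anything else, such as older SSH1-style entries, is reported as UNPARSED for manual review. The function names and sample data are constructed for illustration.

```python
import base64, hashlib, os, time

def parse_authorized_keys(text):
    """Return (key_type, sha256_fingerprint, comment, options) per entry."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options (from="...", command="...") may precede the key and can
        # contain spaces, so locate the key by validating the blob itself.
        for i in range(len(fields) - 1):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue
            n = int.from_bytes(blob[:4], "big")  # length of embedded type name
            if blob[4:4 + n] != fields[i].encode():
                continue
            digest = hashlib.sha256(blob).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            entries.append((fields[i], fp, " ".join(fields[i + 2:]),
                            " ".join(fields[:i])))
            break
        else:
            # Not recognised: never skip silently, a human must look at it.
            entries.append(("UNPARSED", "", line.strip(), ""))
    return entries

def quarantine(path):
    """Move an authorized_keys file aside; return new path (None if absent)."""
    if not os.path.exists(path):
        return None
    moved = "%s.disabled-%s" % (path, time.strftime("%Y%m%dT%H%M%S"))
    os.rename(path, moved)
    os.chmod(moved, 0o600)
    return moved

def _sample_key(comment):
    # Constructed sample: a well-formed ssh-ed25519 blob, not a real key.
    blob = ((11).to_bytes(4, "big") + b"ssh-ed25519" +
            (32).to_bytes(4, "big") + comment.encode().ljust(32, b"\0"))
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

SAMPLE = "\n".join([
    "# constructed sample authorized_keys",
    _sample_key("oldadmin@laptop"),
    'from="10.0.0.5",command="echo hi there" ' + _sample_key("backup@host"),
    "1024 35 1234567890 legacy@ssh1",
])
```

Run `parse_authorized_keys` over each account's file (not only root's) and record the output before calling `quarantine`, so the entries that need to be re-added are known.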


