[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH and RSA

Stephen Andrew <Andrew.Stephen@nzpost.co.nz> writes:

> > Mike Dresser wrote:
> > 
> > > You don't mention whether the previous admin is still with 
> > you, but if not, you'll want to remove his RSA keys from the 
> > server, or else you can change your root password all you want,
> > and he'll still be able to connect, assuming he can get to the
> > machine via your network/internet.
> Mike has an exceptionally pertinant point here.
> Right now - even before you start trying to load your own RSA key
> in, log into all machines running SSH and remove the previous admins
> key from ~root/.ssh/authorized_keys;

Be paranoid.  Remove the ~root/.shh/autohorized_keys from all boxen
(you might want to move it out of the way till you're set up though)
and start from scratch.  As the admin you want to know who can get in
as root on your machines.  Besides script kiddies of course :-)

There was a good mini HOWTO kind of posting on debian-user a while
back that got me started without much trouble.  The original is at:


Hope this helps,
Olaf Meeuwissen       Epson Kowa Corporation, Research and Development

Reply to: