Re: need help with openssh attack
- To: debian-security@lists.debian.org
- Subject: Re: need help with openssh attack
- From: consul tores <consultores1@gmail.com>
- Date: Mon, 9 Jan 2012 22:53:30 -0800
- Message-id: <CAFxkjqmP7hWj3A+==5r1gRtUedW4Md-2rhLJQi0brNSCuHtSrw@mail.gmail.com>
- In-reply-to: <CA+0W4N=At0EsJ+Y3d8DRZW8u+S6Tcr6BCUha+W+U5rL-80v8QA@mail.gmail.com>
- References: <CA+0W4N=At0EsJ+Y3d8DRZW8u+S6Tcr6BCUha+W+U5rL-80v8QA@mail.gmail.com>
2011/12/29, Taz <taz.inside@gmail.com>:
> Hello, we've got various debian servers, about 15, with different
> versions. All of them have been attacked today and granted root
> access.
> Can anybody help? We can give ssh access to attacked machine, it seems
> to be serious ssh vulnerability.
>
> How can I contact openssh mnt?
>
> Thank you.
Hello Taz
Could you please expand your technical explanation?
a. do you use keys+passphrases or keys or passwords?
b. how many people have a key or password?
c. could you show sshd_config at pastebin?
d. how many servers were really compromised?
Thanks so much for your attention.
PS:
You can determine how they were compromised by coincidences in
sshd_config or other config file.
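
The comparison suggested in the PS, as an added example that is not part of the original message: a Python script that parses the sshd_config of each affected host and reports the login-related directives that are explicitly set to the same value everywhere. The host names, the sample configs and the list of directives checked are assumptions made for illustration.

```python
# Directives relevant to questions (a) and (b): how logins authenticate, who may log in.
AUTH_KEYS = ("port", "permitrootlogin", "passwordauthentication",
             "pubkeyauthentication", "permitemptypasswords", "allowusers")

def parse_sshd_config(text):
    """Global directives as {keyword: value}. Keywords are case-insensitive and
    sshd uses the first value it obtains, so later duplicates are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break  # conditional overrides follow; compare global settings only
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def shared_settings(configs, keys=AUTH_KEYS):
    """Directives explicitly set to the same value on every host."""
    parsed = [parse_sshd_config(text) for text in configs.values()]
    shared = {}
    for key in keys:
        values = {p.get(key) for p in parsed}
        if len(values) == 1 and None not in values:
            shared[key] = values.pop()
    return shared

# Constructed sample input: hypothetical hosts, not data from the thread.
SAMPLE = {
    "host-a": "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
              "PubkeyAuthentication yes\n",
    "host-b": "# comment\nPort 22\nPermitRootLogin yes\nPermitRootLogin no\n"
              "PasswordAuthentication yes\nMatch User backup\n"
              "    PasswordAuthentication no\n",
    "host-c": "port 2222\npermitrootlogin yes\nPasswordAuthentication yes\n"
              "PubkeyAuthentication no\n",
}

if __name__ == "__main__":
    for key, value in shared_settings(SAMPLE).items():
        print(f"set identically on all hosts: {key} {value}")
```

Directives left unset fall back to the defaults of the installed OpenSSH version, so they need to be compared separately per version.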