[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH attack

On Oct 3, 2005, at 1:57 AM, Jared Hall wrote:

It looks like I am being rooted right now.  How do I toss this guy off
of my system.  [...snip...] I
can't shut down ssh because that's my only connection to the system.

[a bit late to the party, but...]

Yes you can.  You can repel an active SSH attack using:
     sudo /etc/init.d/ssh stop

to shut down sshd and prevent _new_ sessions. Existing sessions, including the one you're using, will remain active as you examine the situation. When you're satisfied you can restart the sshd.

BUT BEWARE! If you start killing sessions make sure you don't kill yourself.

Reply to: