Re: SSH attack
On Oct 3, 2005, at 1:57 AM, Jared Hall wrote:
It looks like I am being rooted right now. How do I toss this guy off
of my system. [...snip...] I
can't shut down ssh because that's my only connection to the system.
[a bit late to the party, but...]
Yes you can. You can repel an active SSH attack using:
sudo /etc/init.d/ssh stop
to shut down sshd and prevent _new_ sessions. Existing sessions,
including the one you're using, will remain active as you examine the
situation. When you're satisfied you can restart the sshd.
BUT BEWARE! If you start killing sessions make sure you don't kill