On 29/7/2000, UK Jaiswal spewed into the LI bitstream:
> Resending as the original mail seems to have been lost.
It arrived.
> I have a machine in which just ssh login is allowed. When I login as
> root, I see that I am the only one logged in (by running w / who) but
> when I see the result of "last", I see that there is another login of
> root from a different IP address. Is it possible for somebody to login
In the same ip block / subnet? Sometimes, when you terminate an
ssh connection using kill -9 (if it hangs, say) the session stays live
till it times out.
> in a hidden manner so that it does not show up in "who"? BTW, that IP
> had access to this machine some time back but since then I too have
Deny access to that IP now.
> changed the password of root and have rebooted the machine a couple of
> times. I guessed that he might have left some ssh key due to which he
> is still able to access my machine inspite of the password being
All ssh keys are stored in the same place ... edit the file and delete
this guy's key.
-suresh
Suresh Ramasubramanian + President, CAUCE India
Stopping Spam in India + http://india.cauce.org
----------------------------------------------------------------------
LIH is all for free speech. But it was created for a purpose - to help
people discuss issues about installing and running Linux. If your
messages are counterproductive to this purpose, your privileges to
submit messages can and will be revoked.
