On 02/05/06, jared r r spiegel <[EMAIL PROTECTED]> wrote:
On Tue, May 02, 2006 at 09:49:07PM +0100, Constantine A. Murenin wrote:
> On 02/05/06, jared r r spiegel <[EMAIL PROTECTED]> wrote:
> >
> > if we didn't have that little PIII/450 sitting next to the
> > machine now, for the purposes of bringing live, getting
> > patches onto, making .tgzs, and then copying them over to
> > untar onto host B, what bob beck criticized about would be
> > entirely accurate about me.
>
> One thing I didn't follow in this story is why did this 'virus' change
> the host key?
> It's not like you can't use the old key with the new sshd install, is it?
it installed its own replacement sshd and host_*_keys. had its
Is that so that the intruder could verify the integrity of the host he
is connecting to? :)
But on the other hand, it means that everyone who was compromised
could decrypt the ssh traffic from other compromised hosts...
C.
