No problemo, will do. I'm still annoyed that someone managed to get in. Maybe tripwire would be nice on the box?
2008/2/4, Nathan McBride <[EMAIL PROTECTED]>: > > Correct, you have to drop down to the linux cli, not vyatta's. > > On Mon, 2008-02-04 at 14:08 -0500, Aubrey Wells wrote: > > As far as I could tell, you cant set up key-only auth in the CLI. If > > you drop an authorized_keys file in to each user's ~/.ssh directory, > > and set PasswordAuthentication=no in sshd.conf you will enable > > key-only auth. > > > > ------------------ > > Aubrey Wells > > Senior Engineer > > Shelton | Johns Technology Group > > 404.478.2790 > > Support: [EMAIL PROTECTED] > > www.sheltonjohns.com > > > > > > > > > > > > > > On Feb 4, 2008, at 2:00 PM, Jostein Martinsen-Jones wrote: > > > > > Yes, i did change the root password asap! > > > > > > I would much like to see a configuration snippet on how to use > > > rsa-keys. > > > Can I use several rsa-keys so i can login as different users? > > > > > > 2008/2/4, Nathan McBride <[EMAIL PROTECTED]>: > > > Yup sure is. I have setup my vyatta router to only allow > > > rsa keys. > > > Did you change your root password from 'vyatta'? > > > > > > Nate > > > > > > On Mon, 2008-02-04 at 18:13 +0100, Jostein Martinsen-Jones > > > wrote: > > > > Hi > > > > I am only using ssh. Is it possible to have rsa-keys for > > > all users, > > > > including vyatta? > > > > Maybe the attackers managed to brute force my password? > > > > This is very anoying since I have to reinstall the machine > > > tomorrow > > > > and doesn't know what went wrong. Haven't had time to > > > check the logs > > > > either. > > > > > > > > How does the user configuration look for you other guys > > > and girls? > > > > > > > > > > > > 2008/2/4, Stig Thormodsrud <[EMAIL PROTECTED]>: > > > > Hi Jostein, > > > > > > > > > > > > > > > > Are you using telnet or ssh to access the > > > box? Using telnet > > > > in not secure from a public network as the > > > username/password > > > > is in clear text. > > > > > > > > > > > > > > > > stig > > > > > > > > > > > > > > > > > > > > > > > ______________________________________________________________ > > > > From:[EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED] > > > On Behalf Of > > > > Jostein Martinsen-Jones > > > > Sent: Monday, February 04, 2008 2:43 AM > > > > To: Dave Strydom > > > > Cc: vyatta-users@mailman.vyatta.com > > > > Subject: Re: [Vyatta-users] Vyatta box hacked? > > > > > > > > > > > > > > > > > > > > Jupp, I think i have an intruder, the ip > > > 202.172.171.217 isn't > > > > known to me at all. > > > > I am the only one knowing the root password, and I > > > have not > > > > logged in those times that last are showing. > > > > > > > > root pts/0 202.172.171.217 Mon Feb 4 > > > 05:21 - > > > > 07:38 (02:16) > > > > root pts/0 202.172.171.217 Sat Feb 2 > > > 14:54 - > > > > 16:05 (01:11) > > > > root pts/0 202.172.171.217 Fri Feb 1 > > > 23:51 - > > > > 23:57 (00:05) > > > > root pts/0 202.172.171.217 Fri Feb 1 > > > 13:49 - > > > > 17:18 (03:29) > > > > > > > > How did this happen? > > > > I changed all the passwords on install to 8 > > > character long, > > > > using numbers and letters. > > > > This is from my old config, are plaintext-password > > > supposed to > > > > be blank? > > > > > > > > # show system login > > > > user root { > > > > authentication { > > > > encrypted-password: "$1$nZxxxxxxsgXC/" > > > > plaintext-password: "" > > > > } > > > > } > > > > user vyatta { > > > > authentication { > > > > encrypted-password: "$1 > > > $yyyyyyyyyyyt0/" > > > > plaintext-password: "" > > > > } > > > > } > > > > > > > > 2008/2/4, Dave Strydom <[EMAIL PROTECTED]>: > > > > > > > > Login to your router as root and run: > > > > > > > > # last | more > > > > > > > > and see if there are any logins to your machine > > > which you do > > > > not recognize. > > > > > > > > > > > > > > > > On Feb 4, 2008 12:05 PM, Jostein Martinsen-Jones > > > > <[EMAIL PROTECTED]> wrote: > > > > > I got mail from another linux user today. He > > > complained > > > > about login attempts > > > > > to his boxes, from my vyatta router! > > > > > Am I haxored or what? This is from his log and > > > the "ip" > > > > 12.34.56.78 are my > > > > > router. > > > > > > > > > > Feb 2 18:11:39 88.191.40.120 sshd[30444]: > > > (pam_unix) > > > > authentication > > > > > failure; logname= uid=0 euid=0 tty=ssh ruser= > > > > rhost=12.34.56.78 user=root > > > > > Feb 2 18:11:40 88.191.40.120 sshd[30444]: > > > Failed password > > > > for invalid user > > > > > root from 12.34.56.78 port 42492 ssh2 > > > > > Feb 2 18:11:46 88.191.40.120 sshd[30450]: User > > > root from > > > > 12.34.56.78 not > > > > > allowed because not listed in AllowUsers > > > > > Feb 2 18:11:46 88.191.40.120 sshd[30450]: > > > (pam_unix) > > > > authentication > > > > > failure; logname= uid=0 euid=0 tty=ssh ruser= > > > > rhost=12.34.56.78 user=root > > > > > Feb 2 18:11:48 88.191.40.120 sshd[30450]: > > > Failed password > > > > for invalid user > > > > > root from 12.34.56.78 port 42926 ssh2 > > > > > Feb 2 18:11:54 88.191.40.120 sshd[30456]: User > > > root from > > > > 12.34.56.78 not > > > > > allowed because not listed in AllowUsers > > > > > Feb 2 18:11:54 88.191.40.120 sshd[30456]: > > > (pam_unix) > > > > authentication > > > > > failure; logname= uid=0 euid=0 tty=ssh ruser= > > > > rhost=12.34.56.78 user=root > > > > > Feb 2 18:11:56 88.191.40.120 sshd[30456]: > > > Failed password > > > > for invalid user > > > > > root from 12.34.56.78 port 43408 ssh2 > > > > > Feb 2 18:11:56 88.191.40.120 sshd[30494]: > > > refused connect > > > > from 12.34.56.78 > > > > > (12.34.56.78) > > > > > _______________________________________________ > > > > > Vyatta-users mailing list > > > > > Vyatta-users@mailman.vyatta.com > > > > > > > > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > > > > > > > > > > > > > _______________________________________________ > > > > Vyatta-users mailing list > > > > Vyatta-users@mailman.vyatta.com > > > > > > > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > Vyatta-users mailing list > > > > Vyatta-users@mailman.vyatta.com > > > > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > > > > > > > > _______________________________________________ > > > Vyatta-users mailing list > > > Vyatta-users@mailman.vyatta.com > > > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > > >
_______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
