On 03/01/12 18:57, Russell Coker wrote:
> On Fri, 2 Mar 2012, Jordon Bedwell <envyge...@gmail.com> wrote:
>>> Run the command below.
>>>
>>> grep "ssh:1.%.30s@%.128s.s password:" /usr/sbin/sshd; echo $?
>>>
>>> If you don't get 1 as output, your sshd is compromised.
>> It returned 1, this happens on freshly installed Debian and Ubuntu too
>> though, tested it on Ubuntu too.
> http://etbe.coker.com.au/2011/12/31/server-cracked/
>
> If you have a sshd that is compromised in the same way as one was on one of
> my servers then Anibal's command will give an output of 0.
>
> I don't know what relevance this has to a discussion of OpenSSH logging
> though.
>
> I'd like to have OpenSSH log the email address field from a key that was used
> for login so I could see something like "ssh key russ...@coker.com.au was
> used to login to account rjc" in my logs.
>

From what I know that information (the comment on the key) is not very secure, Joe could put Bob as his comment...
However one could do a look-up on the key from a key-server and get the email address that way. This is assuming that ppl are using their gpg (email) keys for ssh.

Archive: http://lists.debian.org/4f502dff.1050...@mikemestnik.net
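An added illustration of the point raised in the reply above, not part of the original thread: the comment on an SSH public key is free text outside the key blob, so the fingerprint computed over the blob is what identifies a key in an audit. The helper names and sample keys are constructed for this example, and the parser assumes `authorized_keys` lines with no options field.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data

def constructed_line(raw32: bytes, comment: str) -> str:
    """Build a syntactically valid ssh-ed25519 line from constructed bytes."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def parse_key_line(line: str):
    """Split a key line (assumed to have no options field) into type, blob, comment."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not a public key line")
    keytype, blob = parts[0], base64.b64decode(parts[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("key type does not match blob")
    return keytype, blob, (parts[2] if len(parts) > 2 else "")

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: covers the key blob only, never the comment."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(lines):
    """Map each key fingerprint to the set of comments claimed for that key."""
    seen = {}
    for line in lines:
        _, blob, comment = parse_key_line(line)
        seen.setdefault(fingerprint(blob), set()).add(comment)
    return seen

# Constructed sample: one key labelled as Joe, the same key relabelled as Bob,
# and an unrelated key that also carries Bob's address as its comment.
JOE_KEY = bytes(range(32))
OTHER_KEY = bytes(range(32, 64))
SAMPLE = [
    constructed_line(JOE_KEY, "joe@example.org"),
    constructed_line(JOE_KEY, "bob@example.org"),
    constructed_line(OTHER_KEY, "bob@example.org"),
]

if __name__ == "__main__":
    for fp, comments in audit(SAMPLE).items():
        print(fp, sorted(comments))
```

Relabelling a key leaves its fingerprint unchanged, and two different keys can carry the same comment, so a log entry keyed on the fingerprint stays unambiguous where one keyed on the comment does not.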