[net] user connction to sshd

Hans Fugal hans at fugal.net
Sun Jul 10 09:25:43 MDT 2005


In addition to the precautions and reactions already given, I suggest
not allowing password authentication, only key-based authentication. If
that solution is feasible, then the only practical way for someone to
gain a connection to (patched) ssh is to have access to a private key.

On Sat,  9 Jul 2005 at 22:53 -0600, Sean Kirkby wrote:
> Howdy,
>  
> We noticed yesterday that there were a number of connections to the SSH
> daemon running on a test box we had running outside our firewall
> (running RH 8.0!).  The connections were from someplace in Florida, and
> someplace in Germany (we think).
>  
> The user name for the connections were "[net]" (sans quotes)... none
> such exists in the shadow file.
>  
> Any ideas what this "[net]" user means?  As best we could tell, the
> connections were benign (but unsettling)... we've since shut SSHD down
> on that box, but I am still curious to know what that user ID is or
> means.
>  
> Any idears would be appreciated...
>  
> Thanks.
>  
> --sk.
>  
> ========================
> Sean Kirkby
> Concentrico, Inc.
> P: (801) 221-7606 x204
> W: www.Concentrico.net 
> -=-=-=-=-=-=-=-=-=-=-=-=
> GroupWise and Linux
>      to the Nth Power
> - Formativ Solutions
> - World-Class Service
> ========================
> .===================================.
> | This has been a P.L.U.G. mailing. |
> |      Don't Fear the Penguin.      |
> |  IRC: #utah at irc.freenode.net   |
> `==================================='
> 

-- 
 .O.  Hans Fugal            | De gustibus non disputandum est.
 ..O  http://hans.fugal.net | Debian, vim, mutt, ruby, text, gpg
 OOO                        | WindowMaker, gaim, UTF-8, RISC, JS Bach
---------------------------------------------------------------------
GnuPG Fingerprint: 6940 87C5 6610 567F 1E95  CB5E FC98 E8CD E0AA D460
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://plug.org/pipermail/plug/attachments/20050710/3b12fd8f/attachment.bin 


More information about the PLUG mailing list