Successful SSH Attack - Need help cleaning up

Kyle Waters unum at
Fri Oct 27 16:10:25 MDT 2006

Daniel wrote:
> I have people accessing this server who don't know much about 
> computers and
> get freaked out when some thing changes.  Will they notice something has
> changed when they use it the first time after the reinstall?

When you reinstall the server will create a new ssh key.  Depending on
their settings your users should atleast get a warning stating that the
host ssh key has changed.  Any other noticable changes all depend on how
you set things up when you reinstall.  In case it wasn't clear before,
you need to reinstall your entire OS.  You may keep user files, but you
may want to check for executables in /home.

Someone suggested moving the ssh port to a different port, I think this
is an excellent suggestion.  You may also want to also consider setting
a rate limit using iptables so that it is more difficult for someone to
use a brute force attack.  If you do set up rate limiting your users
will not have to make any changes on their end.


More information about the PLUG mailing list