Hi, my English seems very bad, because my problem is not how to secure the ssh key. My problem is how not to be hacked.
I talked about the ssh key stealing to show signs that my PC had been compromised.
I can for sure secure my ssh key, but how do I secure my PC?
If I have a rootkit that steals the ssh key, the problem is the rootkit. You know, a keylogger that steals passwords? Or cookie stealing?
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, April 4, 2019 10:19 AM, Tor Houghton <torh@bogus.net> wrote:
> Hi,
>
> Difficult to make any recommendations based on this information, but once
> you've recovered, enforce ssh key-based logins only.
>
> Given that your client might be compromised, you probably want to look into
> that as well.
>
> To limit the possibilities that someone gets access to your
> ssh private key's keyphrase, store it off-client -- for example using your
> mobile phone (e.g. Kryptonite -- https://krypt.co; do read caveat regarding
> Android crypto).
>
> Good luck.
>
> On Wed, Apr 03, 2019 at 06:56:39PM +0000, Cord wrote:
>
> > Hi,
> > I have a strong suspicion that my openbsd box has been hacked for the second time in a few weeks. The first time was some weeks ago: I had some suspicions, and after a few checks I found that someone had connected to my vps via ssh on a non-standard port using my ssh key. The connection came from a tor exit node. There were 2 connections, and they had been up for 5 days. Now I have some new suspicions because some private email seems to be known by others. Also, I have found other open sessions on the web gui of my email provider, but I am absolutely sure I have always logged out.
> > I am using just chrome+unveil and I haven't used any other script or opened a pdf (maybe I have opened 1 or 2 pdfs from inside chrome). I have used epiphany only to open the webmail because chrome crashes. My email provider supports html (obviously), but generally photos are not loaded. Of course I have pf enabled and few services.
> > I also use a vpn and I visit very few websites with chrome, maybe 20 or 25 websites just to read news. Sometimes I search for things about openbsd.
> > Can anyone help me?
> > Cord.