On 07/04/2017 07:38 PM, John Andersen wrote:
On 07/03/2017 11:52 AM, andreil1@starlett.lv wrote:
Unexpectedly I've got this warning on one of the servers: SSH warning: Permissions 0640 for '/etc/ssh/ssh_host_xxx_key' are too open Would have been nice to know the dates on those files before you changed them.
I've had this happen in the past when restoring/moving files from a backup source that did not restore proper permissions, such as when cloning system or upgrading a hard drive or something.
If this suddenly appeared, and you KNOW or have backups showing it was not always that way, then yes, it is definitely a sign of tampering.
It can never properly work this way. Its refused to run with loose permissions since forever AFAIR.
This system not cloned or copied. Its a small internet appliance with SSD disk. 3 weeks ago I noticed it becomes very slow, disk had 0 free space because of logs, so I switched from rsyslog to syslog-ng, limited size of logs, and wiped out /var/log.. However, I never changed permissions of SSH keys. Few days ago I noticed fail2ban does nothing, and discovered problem with ssh keys permissions. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org