On 07/04/2017 10:58 AM, andreil1@starlett.lv wrote:
> A few days ago I noticed fail2ban does nothing, and discovered a problem with ssh key permissions.
Then I'd assume you've been hacked, and take it off line (right away), nuke and re-install. I look for foreign additions to authorized_keys files (all of them). Somebody, local or remote, probably already has root, or at least a user account from which they could attack root.

When you do put it back up, disable password authentication, regenerate your ssh keys, and only allow ssh public key authentication.

I don't think a normal opensuse install allows login over ssh by root. So I'd look into all other accounts on that machine.

-- 
After all is said and done, more is said than done.
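
The check for foreign additions to every account's authorized_keys file, as an added example that is not part of the original reply. It assumes sshd's default key file locations and a `known_good` set of fingerprints you trust; `audit`, `demo` and the sample tree are constructed for illustration, and `root` lets it run against a mounted copy of the disk.

```python
import base64, hashlib, os, stat, tempfile

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprint(blob_b64):
    """SHA256 fingerprint in the format `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Yield (fingerprint, comment) per key line; options before the key type are skipped."""
    for line in text.splitlines():
        parts = line.split()
        idx = next((i for i, p in enumerate(parts) if p in KEY_TYPES), None)
        if line.lstrip().startswith("#") or idx is None or idx + 1 >= len(parts):
            continue
        yield fingerprint(parts[idx + 1]), " ".join(parts[idx + 2:])

def audit(passwd_text, root, known_good):
    """Return (user, issue, detail) findings for every account in passwd_text."""
    findings = []
    for fields in (l.split(":") for l in passwd_text.splitlines() if l.count(":") >= 6):
        for name in ("authorized_keys", "authorized_keys2"):  # sshd default locations
            path = os.path.join(root, fields[5].lstrip("/"), ".ssh", name)
            if not os.path.isfile(path):
                continue
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o022:  # another account could append its own key
                findings.append((fields[0], "group/world-writable", oct(mode)))
            with open(path) as fh:
                for fp, comment in parse_keys(fh.read()):
                    if fp not in known_good:
                        findings.append((fields[0], "unknown key", comment))
    return findings

def demo():
    """Constructed sample tree; the key blobs are placeholders, not real keys."""
    good, foreign = (base64.b64encode(s).decode() for s in (b"constructed-admin", b"constructed-foreign"))
    passwd = "root:x:0:0:root:/root:/bin/bash\nalice:x:1000:100::/home/alice:/bin/bash\n"
    files = {"root": (f"ssh-ed25519 {good} admin@laptop\n", 0o600),
             "home/alice": (f'ssh-ed25519 {good} admin@laptop\nfrom="*" ssh-rsa {foreign} x@y\n', 0o664)}
    with tempfile.TemporaryDirectory() as root:
        for home, (text, mode) in files.items():
            os.makedirs(os.path.join(root, home, ".ssh"))
            path = os.path.join(root, home, ".ssh", "authorized_keys")
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        return audit(passwd, root, {fingerprint(good)})
```

If sshd_config sets AuthorizedKeysFile to a non-default path, audit that location as well.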