When logging in, several users reported seeing themselves already logged in from strange locations or running funny processes. Most of these folks are generally security-conscious, use strong passwords, and don't fall for the standard social engineering tricks. Because the admin is . . .
When logging in, several users reported seeing themselves already logged in from strange locations or running funny processes. Most of these folks are generally security-conscious, use strong passwords, and don't fall for the standard social engineering tricks. Because the admin is good and paranoid, the machine is always kept up to date on patches and ssh is the only way to login, meaning the traffic is all encrypted. I suspected some vulnerability that wasn't yet public knowledge on the 'Net.
The ssh host key had changed. Any time you see this, you should suspect the worst. However, since we've had a few ssh vulnerabilities recently, I figured that the admin had accidentally wiped out the original ssh keys in /etc/ssh and needed to make new ones. Heck, I've done it myself.
The link for this article located at IT World is no longer available.