Security issue with ssh on Debian server

Question

I have setup Debian Squeeze on an old laptop to serve as a testbed. I have installed OpenSSH and edited /etc/ssh/sshd_config to use ssh keys and disallow password authentication.

I am able, however, to login with a password via serFISH.com. On entering the password I get:

Connecting as lemmy@*myipaddress* on port 5001...                             
/root/.ssh/known_hosts updated.                                                 
Original contents retained as /root/.ssh/known_hosts.old                        
lemmy@my*ipaddress*'s password:                                               
Linux saturn 2.6.32-5-686 #1 SMP Sun May 6 04:01:19 UTC 2012 i686               

The programs included with the Debian GNU/Linux system are free software;       
the exact distribution terms for each program are described in the              
individual files in /usr/share/doc/*/copyright.                                 

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent               
permitted by applicable law.                                                    
Last login: Sun Aug 26 11:20:12 2012 from 78.47.79.193                          
lemmy@saturn:~$`

How is this possible?

@Andy: Can you post your `sshd_config` file or at least the relevant part? — Khaled, Aug 26 '12 at 12:34
Thank you @Eric and Khaled. After restarting ssh it works as intended. — Andy, Aug 26 '12 at 12:44

score 2 · Answer 1 · answered Aug 26 '12 at 14:17

As a general rule :

Don't forget to restart/reload/stop start the service after modifying the configuration files.

Also, you should always perform manual backups of the configurations file before modifying them : It shortens the roll back when somethings goes wrong.

Security issue with ssh on Debian server

1 Answers1