Quote:
Originally Posted by W1zzard
look in the logs, check what's happening, fix it 
+1: But I would still kill sshd until he figures it out.
Quote:
Originally Posted by Moose
Still sshd connections are being made and are sending emails! What can I do?
A: disable sshd if you can work locally.
(sudo /etc/init.d/sshd stop)
B: Disable password authentication (biggest vulnerability in a *nix system IMHO.)
@ /etc/ssh/sshd_config
You want:
Code:
PasswordAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
PermitRootLogin no
C: Enable shared key auth (and only shared key auth,) and generate a public/private RSA key pair.
(ssh-keygen -b 4096)
D: Allowing SSH into root is also dangerous. I would disable root login in the sshd config.
E: Copy your public key somewhere and enable sshd and you should be all set. That way the only way a hacker can get in through SSH is if they have your private key.
One of the more common reasons that mail fails (not initially, but over time) is when DNS is not properly set up. Maybe you're missing or have a bad MX or PTR record and the email server keeps retrying. That will make mail servers reject your email very quickly after a little while.
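An added example, not part of the original post: a Python check that reads sshd_config text and reports where the effective values differ from the settings recommended in steps B and D above. The sample configs are constructed and the function names are hypothetical; the check relies on sshd keeping the first value it reads for a keyword and on Match blocks overriding the global settings.

```python
import re

# Values the post recommends; sshd keywords are case-insensitive.
WANTED = {"passwordauthentication": "no",
          "pubkeyauthentication": "yes",
          "permitrootlogin": "no"}
# "Keyword value" or "Keyword=value"; comment and blank lines do not match.
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample inputs, not taken from any real host.
HARDENED = "PasswordAuthentication no\nPubkeyAuthentication yes\nPermitRootLogin no\n"
WEAK = """\
# the second line looks safe, but the first value wins
PasswordAuthentication yes
PasswordAuthentication no
PermitRootLogin = no
Match User backup
    PasswordAuthentication yes
"""

def parse(text):
    """Return (global settings, [(match condition, settings), ...])."""
    glob, blocks, current = {}, [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":              # start of a conditional block
            current = {}
            blocks.append((value, current))
        else:                           # first value read for a keyword wins
            (glob if current is None else current).setdefault(key, value.lower())
    return glob, blocks

def audit(text):
    """List every place the config departs from WANTED."""
    glob, blocks = parse(text)
    findings = []
    for key, want in WANTED.items():
        got = glob.get(key)
        if got is None:
            findings.append(f"{key}: not set globally, built-in default applies")
        elif got != want:
            findings.append(f"{key}: effective '{got}', wanted '{want}'")
        for cond, settings in blocks:   # Match blocks override global values
            if settings.get(key, want) != want:
                findings.append(f"{key}: 'Match {cond}' sets '{settings[key]}'")
    return findings

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit(cfg) or "ok")
```

On a live host, pass the contents of /etc/ssh/sshd_config to `audit()`; files pulled in through an `Include` directive are not followed by this sketch.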