Hi there,
I just find out that there is already a key in my /home/osmc/.ssh/authorized_key file.
If I remove this key and reboot my device, this key is automaticaly replace in the file.
Any idea?
thx
You got hacked!
Did you changed the original password? Did you port forward SSH or are you directly connected to the internet?
Which device you are running OSMC on?
What is the content of authorized_key?
Arf!
I’ve forward ssh through another port. Can’t remember if I changed the original password but in sshd_config I’ve set PermitRootLogin to no and configured a key for the ssh connexion. OSMC running on a pi.
My key was replace in authorized_key by the other one.
Hi,
I suggest you remove the port forward. Reinstall your device. Before reinstating the port forward, change the default password. Also if you are using key, disable password logins in /etc/ssh/sshd_config:
PasswordAuthentication no
Also if possible on your firewall/router lockdown the IPs allowed to access your osmc device via ssh.
Also if you paranoid like me, consider fail2ban as well.
Thanks Tom.
Thanks for the answer.
I’ve removed the port forwarding when I see that the key was not mine.
I’ll start a fresh install soon.
Do you know if there is any ssh log?
Hi,
If your are looking for successful ssh logins, the last command will show these. Easiest way to read them is piping to less:
last | less
You can review logins a line a at time with enter key or space moves a page at a time.
Thanks Tom.
Hi,
I’ve reinstall everything before checking the log… But my IP address has been ban from cloudfare…
" This IP address has been reported a total of 41 times from 22 distinct sources."
Hi,
If its dynamic, try turning your router off overnight; ISP should issue a new IP. Please be advised you may need to leave your router off for longer, can take some ISPs 24hours+ of outage to issue a new IP.
If a Static IP, you may be able to to request a new IP from your ISP.
Failing that it will drop from the list eventually or you could try contacting cloudflare support and explain whats happened and that its resolved, but I suspect you will have do this from a different IP.
Thanks Tom.
I’ve got a static IP, but finally I’ve been unblocked from cloufare.
thx