what is ssh-sgent?
andy baxter
andy at earthsong.free-online.co.uk
Sat May 3 20:29:59 UTC 2008
andy baxter wrote:
> John K Masters wrote:
>
>> On 20:50 Sat 03 May , andy baxter wrote:
>>
>>
>>
> The server is on the web when it's switched on - I have an ADSL router
> which is set to forward traffic on port 80 to port 80 of the server. So
> it is possible the server has been compromised and then used to break
> into my other machine. I don't have a firewall running on my laptop
> because I thought it was safe having no outward facing server processes
> - just apache and sometimes mysql running on localhost. But I may be
> wrong here - netstat --program -al gives (truncated):
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> PID/Program name
> tcp 0 0 localhost:2208 *:* LISTEN 5
> 021/hpiod
> tcp 0 0 localhost:www *:* LISTEN 5
> 359/apache2
> tcp 0 0 192.168.1.3:domain *:* LISTEN 4
> 957/named
> tcp 0 0 localhost:domain *:* LISTEN 4
> 957/named
> tcp 0 0 localhost:ipp *:* LISTEN 5
> 877/cupsd
> tcp 0 0 localhost:smtp *:* LISTEN 5
> 166/master
> tcp 0 0 localhost:953 *:* LISTEN 4
> 957/named
> tcp 0 0 localhost:2207 *:* LISTEN 5
> 024/python
> tcp 0 0 192.168.1.3:2579 mail.free-online.n:pop3 TIME_WAIT -
>
> tcp6 0 0 *:domain *:* LISTEN 4
> 957/named
> tcp6 0 0 ip6-localhost:953 *:* LISTEN 4
> 957/named
> udp 0 0 *:1024 *:* 4
> 957/named
> udp 0 0 192.168.1.3:domain *:* 4
> 957/named
> udp 0 0 localhost:domain *:* 4
> 957/named
> udp 0 0 *:bootpc *:* 1
> 7718/dhclient
> udp6 0 0 *:1025 *:* 4
> 957/named
> udp6 0 0 *:domain *:* 4
> 957/named
>
> I think this means named has an incoming port open. Is this a good idea
> (I don't think I need it) and should I just disable it?
>
P.S. I don't have any concrete reason to think my machine has been got
at - I was just poking around my system and found that ssh-agent has a
socket in /tmp.
More information about the ubuntu-users
mailing list