1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Mac - terminal compromised?

Discussion in 'General Security' started by arisocrates, Feb 14, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. arisocrates

    arisocrates Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    4
    Hello folks,

    I bought my first mac about a year and a half ago. A week or so later I got chatting to someone in a cultural exchange centre who was a mac expert. She started messing around with terminal- saying she was checking her email through it. I was always a little worried that she was doing a little more than that but had no clue about how to check it out.

    Today I was looking for ways to clear a few GB off the hard drive for extra space when I found a terminal log and saw this msg

    ^[[ADarraghs-MacBook-Pro:~ darraghkenny$ ssh [email protected]
    whoWarning: Permanently added the RSA host key for IP address '(xxIP number)' to list of known hosts

    Is this something to worry about? (i.e. did she create a 'back door' into my mac?) or is this just innocent checking email?

    Thanks for any help
     
  2. ETech7

    ETech7

    Joined:
    Aug 30, 2012
    Messages:
    893
    Did you look up that IP address?

    But it looks like she was doing what she told you.
     
  3. arisocrates

    arisocrates Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    4
    hmm i put it into google and got this http://www.whois365.com/tw/ip/128.2.13.139

    iv no idea who that is, Im residing in Ireland and that IP is a university in Pittsbourg, US. Perhaps she logged into her uni email (I think she was american).

    thanks for any help
     
  4. 1002richards

    1002richards Retired Trusted Advisor

    Joined:
    Jan 29, 2006
    Messages:
    5,333
    Hi,
    If you Google "ebalaywi" you get some results for uploaded work at that Uni by a person with that user name:
    http://www.andrew.cmu.edu/user/ebalaywi/ and as that's public on t'internet I don't think looking there is out of order.

    Richard
     
  5. arisocrates

    arisocrates Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    4
    thanks Richard.

    Do you know what the "whoWarning: Permanently added the RSA host key for" is?

    I was worried that it meant it someone had permanently opened a some 'port' to the inner workings of my laptop or something?

    (programming and programming language is pretty alien to me- for all I know, it could mean literally anything).

    Thanks to both of you for taking the time to help me out :)

    Darragh
     
  6. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,578
    I think the key is for Secure Shell to verify that her account at the edu is to be trusted. What she was doing thru SSH is another matter. She used SSH to start a terminal session to her account. Difficult to say if she did anything harmful to your machine without further logs of her activity.
     
  7. arisocrates

    arisocrates Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    4
    Thanks Lunar. There is not much else there except where she entered her password for the account.

    I think Im fine

    D
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1089502

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice