2

I visited a friend recently and he uploaded Linux on my laptop. He uploaded many programs from his laptop unto mine using a terminal. To do this he had to add a very long code from his laptop onto my laptop using my terminal and visa versa from mine to his using his terminal to give him remote access through his wifi to my laptop. I am new to the Linux OS and still have much to learn so please bear with my ignorance.

My question: How do I find that long code and remove it and what would be the right terminology to describe what he did on my laptop? Did he merely create a network group through terminal or did he open a kind of a door which only he knows of? 

$ dpkg -s openssh-server | grep Status
Status: install ok installed
kenorb
  • 10,347
Codering
  • 21
  • 2
    Please [edit] and add the output of dpkg -s openssh-server | grep Status to your question. This checks whether this package is installed on your system, ssh is the way to set up a connection like you describe. If it is installed and you don’t want it to be, simply remove it with sudo apt remove openssh-server and restart. – dessert Dec 11 '18 at 22:37
  • There are plenty of ways to allow remote access to your computer, ranging from standard solutions (like ssh) to secret backdoors. Do you fully trust your friend? If so, ask them to describe what they did and to undo it, they know it much better than any of us could figure out. If not, reinstall your system from scratch, without their help. – egmont Dec 11 '18 at 22:48
  • By the looks of it I am almost certain that it is an openssh-server. I checked and openssh-server is installed. How can I check for the accounts that has access to it? The article at https://help.ubuntu.com/community/SSH/OpenSSH/Configuring helped allot, but I cant seem to find a way to check for accounts. – Codering Dec 11 '18 at 23:10
  • I don`t want to assume that the openssh-server is in fact the way he gained access to my laptop. I would like to verify it. Also as I am still learning to code and have little to no knowledge of ssh, I think it would make a good exercise to manually remove his account. – Codering Dec 11 '18 at 23:44
  • Regarding my main question I am sure by removing the openssh-server will resolve the issue. Thank you. – Codering Dec 11 '18 at 23:56
  • 3
    Another option would be to ask your friend what he did to your laptop. Our knowledge is naturally limited. – WinEunuuchs2Unix Dec 12 '18 at 02:15

1 Answers1

1

With dpkg -s openssh-server | grep Status returning installed you have confirmed that someone installed an SSH server on your machine, as this package is not installed by default in any of the current Ubuntu releases (see their .manifest files). If you don’t need remote access to your machine and want to make sure nobody else is using ssh to get access either, simply remove this package with

sudo apt remove openssh-server

and either reboot or stop the sshd service with 

systemctl stop sshd

and kill any connection that may still be active with:

killall sshd

Manually removing an SSH user is more complicated and requires much more information than you gave us, but these questions might be helpful:

dessert
  • 39,982