Hi
From: Habichtsberg, R. [mailto:reinhard.habichtsberg@unilux.de] Hi all,
how do you estimate the security risk of the following situation:
I log into a linux-server from a windows-client via telnet as normal user.
Why don't you use ssh? There are many nice windows ssh clients out there, putty for example.
From the linux-server I start a x-session (command: konsole -display windows-client:0,0) to a x-server (MIXServer 5.6) on the windows-client.
From this session I open a ssh-session to a second linux-server where I have to work as root (su -).
Now, if I would scan the data between the windows PC and the linux-servers could I read them not coded, particularly could I read the root password in plaintext?
Yes. The password is transmitted via X over the network, which isn't encrypted afaik. But that's relatively easy to check - just sniff the network and try finding the passwort (or any other phrase you have entered on the console, e.g. something like echo "Find me in the sniffer log."
TIA, Reinhard
regards, Stefan