RE: [suse-security] connection via telnet, XServer, ssh
That is what I call a fast answer :-). Only 10 Minutes! Thank you, Markus and Stefan. I will try the ssh-clients. What I didn't know is that Cyqwin includes a XServer. Thanks again, Reinhard.
-----Original Message----- From: Peer Stefan [SMTP:stefan.peer@tiwag.at] Sent: Wednesday, April 16, 2003 10:57 AM To: suse-security@suse.com Subject: RE: [suse-security] connection via telnet, XServer, ssh
Hi
From: Habichtsberg, R. [mailto:reinhard.habichtsberg@unilux.de] Hi all,
how do you estimate the security risk of the following situation:
I log into a linux-server from a windows-client via telnet as normal user.
Why don't you use ssh? There are many nice windows ssh clients out there, putty for example.
From the linux-server I start a x-session (command: konsole -display windows-client:0,0) to a x-server (MIXServer 5.6) on the windows-client.
From this session I open a ssh-session to a second linux-server where I have to work as root (su -).
Now, if I would scan the data between the windows PC and the linux-servers could I read them not coded, particularly could I read the root password in plaintext?
Yes. The password is transmitted via X over the network, which isn't encrypted afaik. But that's relatively easy to check - just sniff the network and try finding the passwort (or any other phrase you have entered on the console, e.g. something like echo "Find me in the sniffer log."
TIA, Reinhard
regards, Stefan
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
On Wed, 16 Apr 2003, Habichtsberg, R. wrote:
That is what I call a fast answer :-). Only 10 Minutes! Thank you, Markus and Stefan. I will try the ssh-clients. What I didn't know is that Cyqwin includes a XServer.
Yes it is very nice, but like MiX it leaves open ports that you should try to close off with configuration or personal firewall settings. While you are downloading Cygwin you should get its openssh package which includes a modern ssh client. It will be less trouble generating and copying keys than putty, and also has an ssh-agent which is a timesaver to have on your PC. Hope this is useful. dproc
participants (2)
-
dproc@dol.net
-
Habichtsberg, R.