% - by default, no shell user should be allowed to log in to ftp/telnet/pop % using the same password or at all
Here's what throws me. I understand you to say that the default should be for a console-only system. Is that what you meant?? I also don't know what you mean by "same password"...
A very common setup for a system with remote maintenance is to use SSH for shell access. However, this is insecure, if you keep using ftp and pop for the same account with the same password. My setup is, to use separate accounts for different services. Quite inconvenient, unless you configure different password-dbs for ftp/pop/samba. Again, this is considerably more effort, and I doubt that many admins do this. Obviously, local access should not be limited. Rainer
Rainer -- ...and then rhoerbe@netpromote.co.at said... % >% - by default, no shell user should be allowed to log in to % ftp/telnet/pop % >% using the same password or at all % > % >Here's what throws me. I understand you to say that the default should % >be for a console-only system. Is that what you meant?? I also don't % >know what you mean by "same password"... % % A very common setup for a system with remote maintenance is to use SSH for Right... % shell access. However, this is insecure, if you keep using ftp and pop for % the same account with the same password. My setup is, to use separate Ahhh... I gotcha. % accounts for different services. Quite inconvenient, unless you configure Not a bad way to go. I just use sftp or scp and IMAP-SSL if I do any remote mail work at all :-) % different password-dbs for ftp/pop/samba. Again, this is considerably more % effort, and I doubt that many admins do this. Yeah. That would be some work, and I'd hate to have to keep changing my sent-through-clear passwords every other day! % Obviously, local access should not be limited. ... or even remote access to the box (through a secure channel, of course), which is how I read your message the first time :-) % % Rainer % % % --------------------------------------------------------------------- % To unsubscribe, e-mail: suse-security-unsubscribe@suse.com % For additional commands, e-mail: suse-security-help@suse.com :-D -- David T-G * It's easier to fight for one's principles (play) davidtg@bigfoot.com * than to live up to them. -- fortune cookie (work) davidtgwork@bigfoot.com http://www.bigfoot.com/~davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg! The "new millennium" starts at the beginning of 2001. There was no year 0. Note: If bigfoot.com gives you fits, try sector13.org in its place. *sigh*
On Wed, 02 Aug 2000, rhoerbe@netpromote.co.at wrote:
A very common setup for a system with remote maintenance is to use SSH for shell access. However, this is insecure, if you keep using ftp and pop for the same account with the same password.
I just thought to myself: Why is this insecure? If you login by SSH to do remote maintenance, then true, anyone who sniffs your in the clear ftp and pop passwords can login as you. But they can only login as you the USER. They can never sniff the root password, as your "su root" password is always encrypted. .... and then the penny dropped. If someone ever logs into your user account. And then you login after they have done their mischief, and su, then you have just given away the crown jewels. Oh well. Not a troll just an observation : Microsoft ftp and pop servers have the same problem - but those I have used use a separate user database, so its up to the user to have different passwords. Let us all admins vow not tor use our /etc/shadow passwords for any clear text service. 3 cheers IMAP-SSL and scp. dproc
I just thought to myself:
Why is this insecure? If you login by SSH to do remote maintenance, then true, anyone who sniffs your in the clear ftp and pop passwords can login as you.
But they can only login as you the USER. They can never sniff the root password, as your "su root" password is always encrypted.
....
and then the penny dropped.
If someone ever logs into your user account. And then you login after they have done their mischief, and su, then you have just given away the crown jewels. Oh well.
Just one thought: On our system the only possibility to log in and work on the shell is SSH with RSA-authentification. So, if someone sniffs the "normal" password, okay, he can get access to the emails and for ftp-access. But NOT for any works on the system itself. Because to log in with SSH, there is a different password necessary. So, okay, this is not really secure, but at least no one can really harm the system. Or am I wrong ??? --- Stephan
participants (4)
-
David T-G -
dproc@dol.net -
OKDesign oHG Security Webmaster -
rhoerbe@netpromote.co.at