List, I know that I shouldn't log in remotely as root via ssh, but how can I start/stop networking daemons or manipulate config files in the /etc without this level of access? Should I use something like webmin instead? Can I create a user that has write privileges in the /etc directory and should this user be capable of starting /stopping network daemons? Just looking for direction on this subject. Thanks, Matt Hubbard
Hi Matt, no mater which way you choose - it'll never be completely secure as long as the box is on the internet. Make sure, that you're logging into the right machine (you should know the RSA1 key fingerprint) and log in as a normal user, do as much as you can with this account and su to root if you have to. If your giving some special user more privileges then you can use root right away - a cracker will have enough priviliges either way (manipulate config-files, starting network-services). Best regards, Ralf Ronneburger Matt Hubbard wrote:
List,
I know that I shouldn't log in remotely as root via ssh, but how can I start/stop networking daemons or manipulate config files in the /etc without this level of access? Should I use something like webmin instead? Can I create a user that has write privileges in the /etc directory and should this user be capable of starting /stopping network daemons? Just looking for direction on this subject.
Thanks,
Matt Hubbard
Having used webmin early on (when it stored passwords in plaintext on the filesystem, and other bad things) and considering that the default is not ssl encrypted, verses OpenSSH (and having spent some time talking with Marcus) I can't see anyone sane using webmin over ssh unless they truly refuse to learn the command line. Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/ ----- Original Message ----- From: "Ralf Ronneburger" <ralf@ronneburger.de> To: "suse-security" <suse-security@suse.com> Sent: Wednesday, January 09, 2002 1:57 PM Subject: Re: [suse-security] remote admin: ssh vs. webmin
Hi Matt,
no mater which way you choose - it'll never be completely secure as long as the box is on the internet. Make sure, that you're logging into the right machine (you should know the RSA1 key fingerprint) and log in as a normal user, do as much as you can with this account and su to root if you have to. If your giving some special user more privileges then you can use root right away - a cracker will have enough priviliges either way (manipulate config-files, starting network-services).
Best regards,
Ralf Ronneburger
Matt Hubbard wrote:
List,
I know that I shouldn't log in remotely as root via ssh, but how can I start/stop networking daemons or manipulate config files in the /etc without this level of access? Should I use something like webmin instead? Can I create a user that has write privileges in the /etc directory and should this user be capable of starting /stopping network daemons? Just looking for direction on this subject.
Thanks,
Matt Hubbard
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Wednesday 09 January 2002 11:39 am, Matt Hubbard wrote:
List,
I know that I shouldn't log in remotely as root via ssh, but how can I start/stop networking daemons or manipulate config files in the /etc without this level of access?
If you have a good password its no less safe to log in with ssh than it is to su after login. The password is sent encrytped. Also if you use a private key file generated on the remote host and downloaded to your workstation (ssh-keygen) the password is never transmitted over the link, encrypted or not-encrypted. Once you are using ssh it becomes the LEAST likely route of compromise. I'd worry about other exposures first. -- _________________________________ John Andersen / Juneau Alaska
My preferred setup is to restrict access to /bin/su (using chgrp and chmod) so that only administrators can use it. That way a cracker needs to discover *two* passwords to become superuser. So there is some benefit in banning root logins via ssh. Bob On Wed, 9 Jan 2002, John Andersen wrote:
On Wednesday 09 January 2002 11:39 am, Matt Hubbard wrote: If you have a good password its no less safe to log in with ssh than it is to su after login. The password is sent encrytped.
============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
Hi Bob,
My preferred setup is to restrict access to /bin/su (using chgrp and chmod) so that only administrators can use it. That way a cracker needs to discover *two* passwords to become superuser. So there is some benefit in banning root logins via ssh.
Bob
Since we are talking paranoia... :-) I keep it this way: The more often I have to type a password, the more likely it is that it gets sniffed. I use ssh all over the place for just about everything, and sniffing the ordinary way wouldn't work. But what about X-clients that sniff the X-server (X -nolisten tcp) or similar? Therefore I never type a password except for the screensaver, I usually don't log on as root if I don't have to. Using a password to become root remotely though is not an option. Roman.
* Roman Drahtmueller; <draht@suse.de> on 10 Jan, 2002 wrote:
Therefore I never type a password except for the screensaver, I usually don't log on as root if I don't have to. Using a password to become root remotely though is not an option.
So how do you get the root rights for example by sudo if you never type a password. Or did I get it wrong ? Thanks -- Togan Muftuoglu
Therefore I never type a password except for the screensaver, I usually don't log on as root if I don't have to. Using a password to become root remotely though is not an option.
So how do you get the root rights for example by sudo if you never type a password. Or did I get it wrong ?
On machines where user accounts are only for admins to get root, yes. In such a case, the entity "user" is the border between remote and local: If you are local, then you have a user. Since access to such a user account implies that it's equivalent to root, these user accounts have to be protected just the same way as root. I don't see any reason why to handle the level of protection differently. Roman.
On Thursday 10 January 2002 02:32 am, Roman Drahtmueller wrote:
Hi Bob,
Since we are talking paranoia... :-)
I keep it this way: The more often I have to type a password, the more likely it is that it gets sniffed. I use ssh all over the place for just about everything, and sniffing the ordinary way wouldn't work. But what about X-clients that sniff the X-server (X -nolisten tcp) or similar?
What point is there about worrying about typing your password on a machine that has already been cracked enough to install an X-Sniffer??? -- _________________________________ John Andersen / Juneau Alaska
password reuse. but of course every single one of your passwords is completely different right? ssh keys centralize auth, hopefully you keep your keys secure =). Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/ ----- Original Message ----- From: "John Andersen" <jsa@pen.homeip.net> To: "Roman Drahtmueller" <draht@suse.de>; "Bob Vickers" <R.Vickers@cs.rhul.ac.uk> Cc: <suse-security@suse.com> Sent: Thursday, January 10, 2002 11:49 PM Subject: Re: [suse-security] remote admin: ssh vs. webmin
On Thursday 10 January 2002 02:32 am, Roman Drahtmueller wrote:
Hi Bob,
Since we are talking paranoia... :-)
I keep it this way: The more often I have to type a password, the more likely it is that it gets sniffed. I use ssh all over the place for just about everything, and sniffing the ordinary way wouldn't work. But what about X-clients that sniff the X-server (X -nolisten tcp) or similar?
What point is there about worrying about typing your password on a machine that has already been cracked enough to install an X-Sniffer???
-- _________________________________ John Andersen / Juneau Alaska
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
you can look into sudo ...and you can set PermitRootLogin to "no" in sshd_config if you dont want to log in as root. hope this helps ciao Matt Hubbard <matt@thermacube.com> wrote: List, I know that I shouldn't log in remotely as root via ssh, but how can I start/stop networking daemons or manipulate config files in the /etc without this level of access? Should I use something like webmin instead? Can I create a user that has write privileges in the /etc directory and should this user be capable of starting /stopping network daemons? Just looking for direction on this subject. Thanks, Matt Hubbard -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com --------------------------------- Do You Yahoo!? Send FREE video emails in Yahoo! Mail.
Matt Hubbard wrote:
List,
I know that I shouldn't log in remotely as root via ssh, but how can I start/stop networking daemons or manipulate config files in the /etc without this level of access? Should I use something like webmin instead? Can I create a user that has write privileges in the /etc directory and should this user be capable of starting /stopping network daemons? Just looking for direction on this subject.
Thanks,
Matt Hubbard
Hi, would it be an acceptable solution to 1) login to remote server via ssh (protocol v2 of course) // crypto/secure 2) using password agent // preventing keyboard sniffing 3) using webmin (restricted to localhost) // no access from outer space 4) login as admin // not root so no use for hacker Maybe X-forwarding may cause trouble or riscs but other than that _I_ can think of no big problems (but that has nothing to say...). Roland
participants (9)
-
Bob Vickers -
david lubowa -
John Andersen -
Kurt Seifried -
Matt Hubbard -
Ralf Ronneburger -
Roland Hilkenbach -
Roman Drahtmueller -
Togan Muftuoglu