Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] SuSE security reputation, etc..
  • From: David T-G <davidtg@xxxxxxxxxxx>
  • Date: Wed, 2 Aug 2000 15:03:08 -0400
  • Message-id: <20000802150308.A26474@xxxxxxxxxxxx>
Rainer --

...and then rhoerbe@xxxxxxxxxxxxxxxx said...
% >% - by default, no shell user should be allowed to log in to
% ftp/telnet/pop
% >% using the same password or at all
% >
% >Here's what throws me. I understand you to say that the default should
% >be for a console-only system. Is that what you meant?? I also don't
% >know what you mean by "same password"...
%
% A very common setup for a system with remote maintenance is to use SSH for

Right...


% shell access. However, this is insecure, if you keep using ftp and pop for
% the same account with the same password. My setup is, to use separate

Ahhh... I gotcha.


% accounts for different services. Quite inconvenient, unless you configure

Not a bad way to go. I just use sftp or scp and IMAP-SSL if I do any
remote mail work at all :-)


% different password-dbs for ftp/pop/samba. Again, this is considerably more
% effort, and I doubt that many admins do this.

Yeah. That would be some work, and I'd hate to have to keep changing my
sent-through-clear passwords every other day!


% Obviously, local access should not be limited.

... or even remote access to the box (through a secure channel, of
course), which is how I read your message the first time :-)


%
% Rainer
%
%
% ---------------------------------------------------------------------
% To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
% For additional commands, e-mail: suse-security-help@xxxxxxxx


:-D
--
David T-G * It's easier to fight for one's principles
(play) davidtg@xxxxxxxxxxx * than to live up to them. -- fortune cookie
(work) davidtgwork@xxxxxxxxxxx
http://www.bigfoot.com/~davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
The "new millennium" starts at the beginning of 2001. There was no year 0.
Note: If bigfoot.com gives you fits, try sector13.org in its place. *sigh*

< Previous Next >
References