Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] remote admin: su vs login as root
Hi,

If we really want to talk paranoia :-), you could do it like that:

Put a box with some kind of VPN functionality in front of the server or do
it directly on the server in question. Allow ssh only through this tunnel.
>From the remoteadmin box, you build up a VPN and make the ssh session
through this tunnel. For the VPN, you can use some kind of key
authentication, for the ssh you can use normal username/password login.

Your gain is:
- someone must penetrate first your VPN
- after that, they have to do the ssh-password trick
- from network traffic analysis, the sniffer can't see, what kind of data is
transmitted to the server
- portscans won't reveal ssh

Regards
Reto Inversini

----- Original Message -----
From: "Robert Casties" <robert.casties@xxxxxxxxxxxxxx>
To: "Douglas Trainor" <trainor@xxxxxxx>
Cc: "Matt Hubbard" <matt@xxxxxxxxxxxxxx>; <suse-security@xxxxxxxx>
Sent: Friday, January 11, 2002 10:25 AM
Subject: Re: [suse-security] remote admin: su vs login as root


> On Wed, 9 Jan 2002, Douglas Trainor wrote:
>
> > You might browse this paper:
> >
> > "Timing Analysis of Keystrokes and Timing Attacks on SSH"
> > by Dawn Xiaodong Song, David Wagner, and Xuqing Tian.
> > 10th USENIX Security Symposium, 2001. They're from UCB
> > and they're smart.
>
> This would be an argument against logging in as a normal user and then su
> to root wouldn't it? As I remember from a talk I heard lately it is rather
> easy to identify when a password is typed after you logged in. That's
> where you can use timing analysis. The password you type into ssh before
> you log in is sent in one batch in the login procedure.
>
> > > If I su to root after logging in via ssh then I am still
transmitting my
> > > root password (although it is encrypted). From a security standpoint,
> > > what's the difference in exposure?
>
> The argument against allowing direct login to root are guessing attacks to
> the password. The attacker can try all sorts of passwords and if he gets
> it right he's root.
>
> If root's not allowed to login directly the attacker has to know any
> username first and if he breaks the password by guessing then he's only
> user (at first). On the other hand there are the timing attacks mentioned
> above (which I consider rather low risk).
>
> If you use any sort of key authentication no password will be sent ever
> but you really have to guard your keys.
>
> Cheers
> Robert
>
> --
> Robert Casties --------------------- http://philoscience.unibe.ch/~casties
> History & Philosophy of Science Tel: +41/31/631-8505 Room: 216
> Institute for Exact Sciences Sidlerstrasse 5, CH-3012 Bern
> Uni Bern (PGP key on homepage: 3C7E CAA6 0A2A 6955 AA25)
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>


< Previous Next >
Follow Ups
References