Having used webmin early on (when it stored passwords in plaintext on the
filesystem, and other bad things) and considering that the default is not
ssl encrypted, versus OpenSSH (and having spent some time talking with
Marcus) I can't see anyone sane using webmin over ssh unless they truly
refuse to learn the command line.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
----- Original Message -----
From: "Ralf Ronneburger"
Hi Matt,
No matter which way you choose - it'll never be completely secure as long as the box is on the internet. Make sure that you're logging into the right machine (you should know the RSA1 key fingerprint) and log in as a normal user, do as much as you can with this account and su to root if you have to. If you're giving some special user more privileges, then you can use root right away - a cracker will have enough privileges either way (manipulate config-files, starting network-services).
Best regards,
Ralf Ronneburger
Matt Hubbard wrote:
List,
I know that I shouldn't log in remotely as root via ssh, but how can I start/stop networking daemons or manipulate config files in the /etc without this level of access? Should I use something like webmin instead? Can I create a user that has write privileges in the /etc directory and should this user be capable of starting/stopping network daemons? Just looking for direction on this subject.
Thanks,
Matt Hubbard
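
The advice above to know the server's key fingerprint before logging in, as an added example that is not part of the original thread: it computes the fingerprint of a host public key and compares it with a value recorded out of band. It uses the SSH2 public-key form (a hash over the key blob, as printed by `ssh-keygen -l`) rather than the RSA1 format named in the thread; the helper names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def _ssh_string(data: bytes) -> bytes:
    # SSH wire encoding: 4-byte big-endian length, then the bytes.
    return struct.pack(">I", len(data)) + data

def make_sample_key_line(seed: bytes, host: str = "host.example") -> str:
    """Constructed known_hosts-style line; the key is not a real host key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(hashlib.sha256(seed).digest())
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def parse_key_blob(line: str) -> bytes:
    """Return the decoded key blob from '[host] keytype base64 [comment]'."""
    fields = line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
            (n,) = struct.unpack(">I", blob[:4])
            # The blob starts with its own key type; it must match the field.
            if blob[4:4 + n].decode("ascii") == key_type:
                return blob
        except (ValueError, struct.error):
            continue
    raise ValueError("no SSH public key found in line")

def fingerprints(line: str) -> dict:
    """Fingerprints in the two textual forms OpenSSH prints."""
    blob = parse_key_blob(line)
    md5_hex = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": "MD5:" + md5, "sha256": "SHA256:" + sha}

def matches_pinned(line: str, pinned: str) -> bool:
    """True only if the offered key hashes to the fingerprint on record."""
    return any(hmac.compare_digest(fp, pinned) for fp in fingerprints(line).values())

if __name__ == "__main__":
    recorded = fingerprints(make_sample_key_line(b"real server"))["sha256"]
    for label, seed in (("expected host", b"real server"), ("impostor", b"other")):
        offered = make_sample_key_line(seed)
        print(label, fingerprints(offered)["sha256"],
              "OK" if matches_pinned(offered, recorded) else "MISMATCH")
```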