Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] remote admin: ssh vs. webmin
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Wed, 9 Jan 2002 14:05:29 -0700
  • Message-id: <00a201c19951$5e704020$6400030a@xxxxxxxxxxxx>
Having used webmin early on (when it stored passwords in plaintext on the
filesystem, and other bad things) and considering that the default is not
SSL encrypted, versus OpenSSH (and having spent some time talking with
Marcus) I can't see anyone sane using webmin over ssh unless they truly
refuse to learn the command line.


Kurt Seifried, kurt@xxxxxxxxxxxx
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/


----- Original Message -----
From: "Ralf Ronneburger" <ralf@xxxxxxxxxxxxxx>
To: "suse-security" <suse-security@xxxxxxxx>
Sent: Wednesday, January 09, 2002 1:57 PM
Subject: Re: [suse-security] remote admin: ssh vs. webmin


> Hi Matt,
>
> No matter which way you choose - it'll never be completely secure as long
> as the box is on the internet. Make sure that you're logging into the
> right machine (you should know the RSA1 key fingerprint) and log in as a
> normal user, do as much as you can with this account and su to root if
> you have to. If you're giving some special user more privileges then you
> can use root right away - a cracker will have enough privileges either
> way (manipulate config-files, starting network-services).
>
> Best regards,
>
> Ralf Ronneburger
>
> Matt Hubbard wrote:
>
> >List,
> >
> > I know that I shouldn't log in remotely as root via ssh, but how can I
> >start/stop networking daemons or manipulate config files in the /etc
> >without this level of access? Should I use something like webmin
> >instead? Can I create a user that has write privileges in the /etc
> >directory and should this user be capable of starting /stopping network
> >daemons? Just looking for direction on this subject.
> >
> >Thanks,
> >
> >Matt Hubbard

