same user password somewhere else.
The whole point of ssh is to prevent this sort of thing, by
encrypting the message traffic over this insecure communication
channel.
I think most people using ssh already know it. or maybe not?:)
An attacker may be able to intercept the encrypted
traffic,
2009/5/29 Wojciech Puchar woj...@wojtek.tensor.gdynia.pl:
Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:
Even 15 seconds of thinking is enough to understand that logging
to other user and then su - gives completely no extra security.
I don't buy this, given that root's login name is
But we're talking about vulnerability to dictionary and brute-force
attacks. You'd have to first:
Ascertain a username in the wheel group.
As time needed to brute-force crack any of my password is incomparably
longer than the age of universe, this is not an argument.
It's just a matter to
Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:
Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:
Even 15 seconds of thinking is enough to understand that logging
to other user and then su - gives completely no extra security.
I don't buy this, given that root's login name
2009/5/28 Kirk Strauser k...@strauser.com:
On Thursday 28 May 2009 02:34:02 pm Wojciech Puchar wrote:
And yes - i do log as root by insecure rsh and telnet.
OK, I'm now promoting you to batshit insane. Seriously, there's no excuse
for running telnet - even in a secure (ha!) environment -
Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:
Even 15 seconds of thinking is enough to understand that logging
to other user and then su - gives completely no extra security.
I don't buy this, given that root's login name is well known :)
If a system accepts remote root logins, an
for running telnet - even in a secure (ha!) environment - when so much
better alternatives exist.
Let me shoot you a hypothetical: your webserver gets compromised.
Something I pointed out earlier.
and what? assuming it will actually be possible to get root access at all
because of bug it
Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote:
Even 15 seconds of thinking is enough to understand that logging
to other user and then su - gives completely no extra security.
I don't buy this, given that root's login name is well known :)
if someone can intercept the passwords you
Hi,
I am writing a Perl script to run on our web server. This script will
be used to create user accounts.
I can do almost every thing on the web server:
- create the home directory
- add a user in LDAP
- create the MySQL database for that user
The only thing I cannot do is to set the disk
- create the MySQL database for that user
The only thing I cannot do is to set the disk quota: the home
directory is NFS mounted from another machine acting as file server,
the quota must be edited on the file server.
How could I nicely and securely connect from the script on the web
server to
How could I nicely and securely connect from the script on the web
server to the file server, in order to edit the quota? It should be
use rsh and .rhosts :)
I do that already, not really what I call secure ;) As I put up a new
machine, I'd prefer something else.
Olivier
use rsh and .rhosts :)
I do that already, not really what I call secure ;)
Could you please explain why it is not secure in your case?
I don't know exactly the environment in your case so i can't answer for
sure, but most probably it's perfectly secure.
2009/5/28 Olivier Nicole o...@cs.ait.ac.th:
How could I nicely and securely connect from the script on the web
server to the file server, in order to edit the quota? It should be
use rsh and .rhosts :)
I do that already, not really what I call secure ;) As I put up a new
machine, I'd
use rsh and .rhosts :)
I do that already, not really what I call secure ;)
Could you please explain why it is not secure in your case?
I don't know exactly the environment in your case so i can't answer for
sure, but most probably it's perfectly secure.
Because rsh/rlogin etc. is
rsh and ssh are so similar in use there's really no point in using rsh
at all any more.
there is a point. Just try to think why instead of simply repeating a
phrase ssh is secure, rsh is not, don't use it.
___
freebsd-questions@freebsd.org mailing
2009/5/28 Wojciech Puchar woj...@wojtek.tensor.gdynia.pl:
rsh and ssh are so similar in use there's really no point in using rsh
at all any more.
there is a point. Just try to think why instead of simply repeating a phrase
ssh is secure, rsh is not, don't use it.
rlogin has several serious
sure, but most probably it's perfectly secure.
Because rsh/rlogin etc. is unsecure in any case. I don't remember the
very bad you don't remember the details.
Let i give you an example.
I throw 1000$ on my table in my flat.
Is this money insecure?
The answer is - maybe, it's just as secure
Due to these serious problems rlogin was rarely used across untrusted networks
Good you finally pointed out the most important thing
rlogin/rsh is insecure across untrusted network
This is QUITE a difference between this and rsh is insecure. period
rsh is as secure as the communication
2009/5/28 Wojciech Puchar woj...@wojtek.tensor.gdynia.pl:
Due to these serious problems rlogin was rarely used across untrusted
networks
Good you finally pointed out the most important thing
rlogin/rsh is insecure across untrusted network
This is QUITE a difference between this and rsh is
Also, I think it's a bad idea to leave money lying round like that.
That's why we have banks. More layers.
like most people today you like overcomplexity, layers etc.
But there are still people that prefer simplicity. You should have some
respect to them.
Wojciech Puchar wrote:
Also, I think it's a bad idea to leave money lying round like that.
That's why we have banks. More layers.
like most people today you like overcomplexity, layers etc.
But there are still people that prefer simplicity. You should have some
respect to them.
Some.
respect to them.
Some. But zero sympathy the day it all blows up in their faces due to just
one little configuration error or, oops, exploit they didn't know about.
what configuration error could you imagine. In my opinion there is bigger
change to make a configuration error in more
rsh is as secure as the communication channel. If it can be considered
secure - DO USE rsh, because it's fastest as it doesn't have any
encryption overhead.
Are you on a 386?
depends, between pentium I and core2 quad.
what's a difference?
___
On Thursday 28 May 2009 08:53:23 am Wojciech Puchar wrote:
depends, between pentium I and core2 quad.
what's a difference?
Well, I can transfer 25MB/s between hosts on the LAN without my CPU ever
breaking 10% CPU usage. I'm of the opinion that most people don't need to
optimize for CPU in
On Thursday 28 May 2009 06:13:11 am Wojciech Puchar wrote:
rsh is as secure as the communication channel. If it can be considered
secure - DO USE rsh, because it's fastest as it doesn't have any
encryption overhead.
Are you on a 386?
--
Kirk Strauser
On 28/5/09 15:04, Kirk Strauser wrote:
On Thursday 28 May 2009 08:53:23 am Wojciech Puchar wrote:
depends, between pentium I and core2 quad.
what's a difference?
Well, I can transfer 25MB/s between hosts on the LAN without my CPU ever
breaking 10% CPU usage. I'm of the opinion
On Thu, 28 May 2009 12:15:22 +0100, Chris Rees utis...@googlemail.com wrote:
Also, I think it's a bad idea to leave money lying round like that.
That's why we have banks. More layers.
No. We have benks because they make it easier to steal
people's money more silently, so they notice when it's
On Thu, 28 May 2009 09:04:43 -0500, Kirk Strauser k...@strauser.com wrote:
Well, I can transfer 25MB/s between hosts on the LAN without my CPU ever
breaking 10% CPU usage. I'm of the opinion that most people don't need to
optimize for CPU in such cases when the security payoffs are so great.
2009/5/28 Polytropon free...@edvax.de:
On Thu, 28 May 2009 09:04:43 -0500, Kirk Strauser k...@strauser.com wrote:
Well, I can transfer 25MB/s between hosts on the LAN without my CPU ever
breaking 10% CPU usage. I'm of the opinion that most people don't need to
optimize for CPU in such cases
On Thu, 28 May 2009 18:04:23 +0100, Chris Rees utis...@googlemail.com wrote:
[The OP] even said 'secure' twice. There is a web server involved, meaning
possibility of compromise (we all know how secure web servers tend to
be), and then one has access to network traffic for sniffing. Also, if
Well, I can transfer 25MB/s between hosts on the LAN without my CPU ever
breaking 10% CPU usage.
probably true, i never checked actually. i just don't understand such
reasoning that you have to waste (even small) CPU power without sense.
For example local private LAN or already-encrypted VPN
good as the weakest point. Of course you can add security by
using SSH, and it's definitely indicated when doing things via
the Internet. As long as you are inside your own net, covered
from the Internet, with only trustworthy machines inside it,
you could even use telnet.
which i actually do.
I know I sound like Theo, but security and reliability are ALWAYS more
important than overhead or speed.
I really agree with You.
That's why every admin (and user too) should think about what is he/she
doing, instead of repeating the same mantras about security/insecurity of
something.
But if it is, why not? At least, the OP's description involving
some time ago i heard from linux user that rshd is removed at all because
it's insecure. Just got another example how good decision i made moving
away from it.
___
On Thursday 28 May 2009 02:34:02 pm Wojciech Puchar wrote:
And yes - i do log as root by insecure rsh and telnet.
OK, I'm now promoting you to batshit insane. Seriously, there's no excuse
for running telnet - even in a secure (ha!) environment - when so much
better alternatives exist.
Let
And yes - i do log as root by insecure rsh and telnet.
OK, I'm now promoting you to batshit insane. Seriously, there's no excuse
thank you very much. while i don't know exactly what is a difference
between batshit insane and insane i feel really proud!
36 matches
Mail list logo