RE: ssh default security risc

2005-02-05 Thread Ted Mittelstaedt
> -Original Message- > From: Sandy Rutherford [mailto:[EMAIL PROTECTED] > Sent: Saturday, February 05, 2005 12:48 AM > To: Ted Mittelstaedt > Cc: Giorgos Keramidas; Gert Cuykens; freebsd-questions@freebsd.org; > Chris Hodgins > Subject: RE: ssh default security risc

RE: ssh default security risc

2005-02-05 Thread Sandy Rutherford
> On Thu, 3 Feb 2005 22:54:14 -0800, > "Ted Mittelstaedt" <[EMAIL PROTECTED]> said: > restrictions somehow doesn't exist. Not to mention that even without a > static IP assigned > to your home or other locations that you normally ssh in from, it's > pretty > simple to block off hug

Re: ssh default security risc

2005-02-04 Thread Loren M. Lang
On Fri, Feb 04, 2005 at 01:04:34AM +0100, Gert Cuykens wrote: > On Fri, 04 Feb 2005 00:05:34 +, Chris Hodgins > <[EMAIL PROTECTED]> wrote: > > Gert Cuykens wrote: > > > On Thu, 03 Feb 2005 23:34:42 +, Chris Hodgins > > > <[EMAIL PROTECTED]> wrote: > > > > > >>Gert Cuykens wrote: > > >> > >

RE: ssh default security risc

2005-02-04 Thread Ted Mittelstaedt
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Giorgos > Keramidas > Sent: Friday, February 04, 2005 12:09 AM > To: Ted Mittelstaedt > Cc: freebsd-questions@freebsd.org > Subject: Re: ssh default security risc > >

Re: ssh default security risc

2005-02-04 Thread Giorgos Keramidas
On 2005-02-03 22:54, Ted Mittelstaedt <[EMAIL PROTECTED]> wrote: >Giorgos Keramidas wrote: >>On 2005-02-04 01:04, Gert Cuykens <[EMAIL PROTECTED]> wrote: >>> On Fri, 04 Feb 2005 00:05:34 +, Chris Hodgins >>> <[EMAIL PROTECTED]> wrote: >>> True but the point is without the ssh root enabled there

RE: ssh default security risc

2005-02-03 Thread Ted Mittelstaedt
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Giorgos > Keramidas > Sent: Thursday, February 03, 2005 10:01 PM > To: Gert Cuykens > Cc: freebsd-questions@freebsd.org; Chris Hodgins > Subject: Re: ssh default security risc &

Re: ssh default security risc

2005-02-03 Thread Giorgos Keramidas
On 2005-02-04 02:59, Gert Cuykens <[EMAIL PROTECTED]> wrote: > [snip most of barbarous child beating suggestions] > Enabling the ssh root is like having the remote car key that opens > every door at once [snip] Which is much easier to lose at a cafeteria on a trip somewhere up North and then disc

Re: ssh default security risc

2005-02-03 Thread Giorgos Keramidas
On 2005-02-04 01:04, Gert Cuykens <[EMAIL PROTECTED]> wrote: > On Fri, 04 Feb 2005 00:05:34 +, Chris Hodgins > <[EMAIL PROTECTED]> wrote: > True but the point is without the ssh root enabled there is nothing > you can do about it to stop them if they change your user password What user passwor

Re: ssh default security risc

2005-02-03 Thread Gert Cuykens
On Fri, 4 Feb 2005 03:33:41 +0100, FreeBSD questions mailing list <[EMAIL PROTECTED]> wrote: > > On 04 feb 2005, at 02:59, Gert Cuykens wrote: > > > On Thu, 3 Feb 2005 16:54:01 -0800, FreeBSD questions mailing list > > <[EMAIL PROTECTED]> wrote: > >> You really need to look at it from a different

Re: ssh default security risc

2005-02-03 Thread FreeBSD questions mailing list
On 04 feb 2005, at 02:59, Gert Cuykens wrote: On Thu, 3 Feb 2005 16:54:01 -0800, FreeBSD questions mailing list <[EMAIL PROTECTED]> wrote: You really need to look at it from a different point of view... If you want to prevent people from breaking into your car you lock the doors. Don't say "If they

Re: ssh default security risc

2005-02-03 Thread Danny Pansters
On Friday 4 February 2005 02:59, Gert Cuykens wrote: > the engine to start. Enabling the ssh root is like having the remote > car key that opens every door at once so you can get in to kick his > butt :) You're overseeing one crucial thing. The attacker isn't really interested in any user accoun

Re: ssh default security risc

2005-02-03 Thread Gert Cuykens
On Thu, 3 Feb 2005 16:54:01 -0800, FreeBSD questions mailing list <[EMAIL PROTECTED]> wrote: > You really need to look at it from a different point of view... > If you want to prevent people from breaking into your car you lock the > doors. > Don't say "If they break the locks and get in, I can't u

Re: ssh default security risc

2005-02-03 Thread Pat Maddox
You're right, if they hack your account and change your password, you're stuck. You can't log in and get it back. You CAN call your provider up (who presumably has local access) and ask them to boot into single user mode, or login directly, and change your pass/delete the account. You can recove

Re: ssh default security risc

2005-02-03 Thread FreeBSD questions mailing list
If they can hack the root they can definitely hack a user account too. So I don't see any meaning of disabling it. If they can hack root they own the system and can do what they like. By disabling root you remove the option of this happening. Instead they have to try and compromise a user accoun

Re: ssh default security risc

2005-02-03 Thread Chris Hodgins
Gert Cuykens wrote: On Fri, 04 Feb 2005 00:05:34 +, Chris Hodgins <[EMAIL PROTECTED]> wrote: Gert Cuykens wrote: On Thu, 03 Feb 2005 23:34:42 +, Chris Hodgins <[EMAIL PROTECTED]> wrote: Gert Cuykens wrote: By default the root ssh is disabled. If a dedicated server x somewhere far far away

Re: ssh default security risc

2005-02-03 Thread Gert Cuykens
On Fri, 04 Feb 2005 00:05:34 +, Chris Hodgins <[EMAIL PROTECTED]> wrote: > Gert Cuykens wrote: > > On Thu, 03 Feb 2005 23:34:42 +, Chris Hodgins > > <[EMAIL PROTECTED]> wrote: > > > >>Gert Cuykens wrote: > >> > >>>By default the root ssh is disabled. If a dedicated server x somewhere > >>>f

Re: ssh default security risc

2005-02-03 Thread Chris Hodgins
Gert Cuykens wrote: On Thu, 03 Feb 2005 23:34:42 +, Chris Hodgins <[EMAIL PROTECTED]> wrote: Gert Cuykens wrote: By default the root ssh is disabled. If a dedicated server x somewhere far far away doesn't have root ssh enabled the admin is pretty much screwed if they hack his user account and

Re: ssh default security risc

2005-02-03 Thread Gert Cuykens
On Thu, 03 Feb 2005 23:34:42 +, Chris Hodgins <[EMAIL PROTECTED]> wrote: > Gert Cuykens wrote: > > By default the root ssh is disabled. If a dedicated server x somewhere > > far far away doesn't have root ssh enabled the admin is pretty much > > screwed if they hack his user account and change

Re: ssh default security risc

2005-02-03 Thread Chris Hodgins
Gert Cuykens wrote: By default the root ssh is disabled. If a dedicated server x somewhere far far away doesn't have root ssh enabled the admin is pretty much screwed if they hack his user account and change the user password right ? So is it not better to enable it by default ? __

Re: ssh default security risc

2005-02-03 Thread Nick Pavlica
In this scenario the box has already been compromised and needs serious attention now. Even if you have to go to the land of Far Far away :) On Thu, 3 Feb 2005 23:32:18 +0100, Gert Cuykens <[EMAIL PROTECTED]> wrote: > By default the root ssh is disabled. If a dedicated server x somewhere > far f