Re: Remotely edit user disk quota

2009-05-31 Thread Wojciech Puchar
same user password somewhere else. The whole point of ssh is to prevent this sort of thing, by encrypting the message traffic over this insecure communication channel. I think most people using ssh already know it. or maybe not?:) An attacker may be able to intercept the encrypted traffic,

Re: Remotely edit user disk quota

2009-05-30 Thread perryh
Wojciech Puchar wrote: > > Wojciech Puchar wrote: > > > >> Even 15 seconds of thinking is enough to understand that logging > >> to other user and then su - gives completely no extra security. > > > > I don't buy this, given that root's login name is well known :) > > if someone can intercept th

Re: Remotely edit user disk quota

2009-05-30 Thread Wojciech Puchar
But we're talking about vulnerability to dictionary and brute-force attacks. You'd have to first: Ascertain a username in the wheel group. As time needed to brute-force crack any of my password is incomparably longer than the age of universe, this is not an argument. It's just a matter to us

Re: Remotely edit user disk quota

2009-05-30 Thread Chris Rees
2009/5/29 Wojciech Puchar : >> Wojciech Puchar wrote: >> >>> Even 15 seconds of thinking is enough to understand that logging >>> to other user and then su - gives completely no extra security. >> >> I don't buy this, given that root's login name is well known :) > > if someone can intercept the p

Re: Remotely edit user disk quota

2009-05-29 Thread Wojciech Puchar
for running telnet - even in a "secure" (ha!) environment - when so much better alternatives exist. Let me shoot you a hypothetical: your webserver gets compromised. Something I pointed out earlier. and what? assuming it will actually be possible to get root access at all because of bug it su

Re: Remotely edit user disk quota

2009-05-29 Thread Wojciech Puchar
Wojciech Puchar wrote: Even 15 seconds of thinking is enough to understand that logging to other user and then su - gives completely no extra security. I don't buy this, given that root's login name is well known :) if someone can intercept the passwords you type, then he/she will intercep

Re: Remotely edit user disk quota

2009-05-29 Thread perryh
Wojciech Puchar wrote: > Even 15 seconds of thinking is enough to understand that logging > to other user and then su - gives completely no extra security. I don't buy this, given that root's login name is well known :) If a system accepts remote root logins, an attacker need only guess or inte

Re: Remotely edit user disk quota

2009-05-29 Thread Chris Rees
2009/5/28 Kirk Strauser : > On Thursday 28 May 2009 02:34:02 pm Wojciech Puchar wrote: > >> And yes - i do log as root by "insecure" rsh and telnet. > > OK, I'm now promoting you to "batshit insane".  Seriously, there's no excuse > for running telnet - even in a "secure" (ha!) environment - when so

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
And yes - i do log as root by "insecure" rsh and telnet. OK, I'm now promoting you to "batshit insane". Seriously, there's no excuse thank you very much. while i don't know exactly what is a difference between "batshit insane" and "insane" i feel really proud!

Re: Remotely edit user disk quota

2009-05-28 Thread Kirk Strauser
On Thursday 28 May 2009 02:34:02 pm Wojciech Puchar wrote: > And yes - i do log as root by "insecure" rsh and telnet. OK, I'm now promoting you to "batshit insane". Seriously, there's no excuse for running telnet - even in a "secure" (ha!) environment - when so much better alternatives exist.

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
But if it is, why not? At least, the OP's description involving some time ago i heard from linux user that rshd is removed at all "because it's insecure". Just got another example how good decision i made moving away from it.

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
I know I sound like Theo, but security and reliability are ALWAYS more important than overhead or speed. I really agree with You. That's why every admin (and user too) should think about what is he/she doing, instead of repeating the same mantras about security/insecurity of something.

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
good as the weakest point. Of course you can add security by using SSH, and it's definitely indicated when doing things via the Internet. As long as you are inside your own net, covered from the Internet, with only trustworthy machines inside it, you could even use telnet. which i actually do. e

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
Well, I can transfer 25MB/s between hosts on the LAN without my CPU ever breaking 10% CPU usage. probably true, i never checked actually. i just don't understand such reasoning that you have to waste (even small) CPU power without sense. For example local private LAN or already-encrypted VPN n

Re: Remotely edit user disk quota

2009-05-28 Thread Polytropon
On Thu, 28 May 2009 18:04:23 +0100, Chris Rees wrote: > [The OP] even said 'secure' twice. There is a web server involved, meaning > possibility of compromise (we all know how secure web servers tend to > be), and then one has access to network traffic for sniffing. Also, if > this is for quotas,

Re: Remotely edit user disk quota

2009-05-28 Thread Chris Rees
2009/5/28 Polytropon : > On Thu, 28 May 2009 09:04:43 -0500, Kirk Strauser wrote: >> Well, I can transfer 25MB/s between hosts on the LAN without my CPU ever >> breaking 10% CPU usage.  I'm of the opinion that most people don't need to >> optimize for CPU in such cases when the security payoffs ar

Re: Remotely edit user disk quota

2009-05-28 Thread Polytropon
On Thu, 28 May 2009 09:04:43 -0500, Kirk Strauser wrote: > Well, I can transfer 25MB/s between hosts on the LAN without my CPU ever > breaking 10% CPU usage. I'm of the opinion that most people don't need to > optimize for CPU in such cases when the security payoffs are so great. As Wojciech p

Re: Remotely edit user disk quota

2009-05-28 Thread Polytropon
On Thu, 28 May 2009 12:15:22 +0100, Chris Rees wrote: > Also, I think it's a bad idea to leave money lying round like that. > That's why we have banks. More layers. No. We have banks because they make it easier to steal people's money more silently, so they notice when it's too late. Special offe

Re: Remotely edit user disk quota

2009-05-28 Thread Vincent Hoffman
On 28/5/09 15:04, Kirk Strauser wrote: > On Thursday 28 May 2009 08:53:23 am Wojciech Puchar wrote: > > >> depends, between pentium I and core2 quad. >> >> what's a difference? >> > > Well, I can transfer 25MB/s between hosts on the LAN without my CPU ever > breaking 10% CPU usage. I'm of

Re: Remotely edit user disk quota

2009-05-28 Thread Kirk Strauser
On Thursday 28 May 2009 06:13:11 am Wojciech Puchar wrote: > rsh is as secure as the communication channel. If it can be considered > secure - DO USE rsh, because it's fastest as it doesn't have any > encryption overhead. Are you on a 386? -- Kirk Strauser

Re: Remotely edit user disk quota

2009-05-28 Thread Kirk Strauser
On Thursday 28 May 2009 08:53:23 am Wojciech Puchar wrote: > depends, between pentium I and core2 quad. > > what's a difference? Well, I can transfer 25MB/s between hosts on the LAN without my CPU ever breaking 10% CPU usage. I'm of the opinion that most people don't need to optimize for CPU i

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
rsh is as secure as the communication channel. If it can be considered secure - DO USE rsh, because it's fastest as it doesn't have any encryption overhead. Are you on a 386? depends, between pentium I and core2 quad. what's a difference?

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
respect to them. Some. But zero sympathy the day it all blows up in their faces due to just one little configuration error or, oops, exploit they didn't know about. what configuration error could you imagine. In my opinion there is bigger chance to make a configuration error in more sophist

Re: Remotely edit user disk quota

2009-05-28 Thread Jon Radel
Wojciech Puchar wrote: Also, I think it's a bad idea to leave money lying round like that. That's why we have banks. More layers. like most people today you like overcomplexity, layers etc. But there are still people that prefer simplicity. You should have some respect to them. Some. But

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
Also, I think it's a bad idea to leave money lying round like that. That's why we have banks. More layers. like most people today you like overcomplexity, layers etc. But there are still people that prefer simplicity. You should have some respect to them.

Re: Remotely edit user disk quota

2009-05-28 Thread Chris Rees
2009/5/28 Wojciech Puchar : >> Due to these serious problems rlogin was rarely used across untrusted >> networks > > Good you finally pointed out the most important thing > > "rlogin/rsh is insecure across untrusted network" > > This is QUITE a difference between this and "rsh is insecure. period"

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
Due to these serious problems rlogin was rarely used across untrusted networks Good you finally pointed out the most important thing "rlogin/rsh is insecure across untrusted network" This is QUITE a difference between this and "rsh is insecure. period" rsh is as secure as the communication ch

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
sure, but most probably it's perfectly secure. Because rsh/rlogin etc. is unsecure in any case. I don't remember the very bad you don't remember the details. Let i give you an example. I throw 1000$ on my table in my flat. Is this money insecure? The answer is - maybe, it's just as secure

Re: Remotely edit user disk quota

2009-05-28 Thread Chris Rees
2009/5/28 Wojciech Puchar : >> rsh and ssh are so similar in use there's really no point in using rsh >> at all any more. > > there is a point. Just try to think why instead of simply repeating a phrase > "ssh is secure, rsh is not, don't use it". > rlogin has several serious security problems:

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
rsh and ssh are so similar in use there's really no point in using rsh at all any more. there is a point. Just try to think why instead of simply repeating a phrase "ssh is secure, rsh is not, don't use it".

Re: Remotely edit user disk quota

2009-05-28 Thread Olivier Nicole
> >> use rsh and .rhosts :) > > > > I do that already, not really what I call secure ;) > > Could you please explain why it is not secure in your case? > > I don't know exactly the environment in your case so i can't answer for > sure, but most probably it's perfectly secure. Because rsh/rlogin

Re: Remotely edit user disk quota

2009-05-28 Thread Chris Rees
2009/5/28 Olivier Nicole : >> > How could I nicely and securely connect from the script on the web >> > server to the file server, in order to edit the quota? It should be >> use rsh and .rhosts :) > > I do that already, not really what I call secure ;) As I put up a new > machine, I'd prefer somet

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
use rsh and .rhosts :) I do that already, not really what I call secure ;) Could you please explain why it is not secure in your case? I don't know exactly the environment in your case so i can't answer for sure, but most probably it's perfectly secure.

Re: Remotely edit user disk quota

2009-05-28 Thread Olivier Nicole
> > How could I nicely and securely connect from the script on the web > > server to the file server, in order to edit the quota? It should be > use rsh and .rhosts :) I do that already, not really what I call secure ;) As I put up a new machine, I'd prefer something else. Olivier

Re: Remotely edit user disk quota

2009-05-28 Thread Wojciech Puchar
- create the MySQL database for that user The only thing I cannot do is to set the disk quota: the home directory is NFS mounted from another machine acting as file server, the quota must be edited on the file server. How could I nicely and securely connect from the script on the web server to t

Remotely edit user disk quota

2009-05-28 Thread Olivier Nicole
Hi, I am writing a Perl script to run on our web server. This script will be used to create user accounts. I can do almost every thing on the web server: - create the home directory - add a user in LDAP - create the MySQL database for that user The only thing I cannot do is to set the disk quot