Ed Wilts wrote:
It's also interesting to note that by default, wu-ftpd will log the
security violation attempt but sftp won't. You can make as many
attempts to hunt around and see what files you are allowed to transfer,
and in fact transfer everything, and the sysadmin will never know what
you'v
On Tue, Nov 26, 2002 at 02:04:13PM -0600, Randy Kelsoe wrote:
> Justin Zygmont wrote:
>
> >If you have root jailed users by configuring the ftpaccess file, but have
> >ssh installed, all they have to do is sftp in and go wherever they want.
> >It's a relief to know that at least they can't grab
Justin Zygmont wrote:
If you have root jailed users by configuring the ftpaccess file, but have
ssh installed, all they have to do is sftp in and go wherever they want.
It's a relief to know that at least they can't grab the shadow file too.
I just found a quck way to disable this however, i
Pavel Rozenboim wrote:
Actually, I just successfully ftpd as root and fetched /etc/shadow with
sftp.
Well, you cheated. :) Try that again as a non-root user.
--
Psyche-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/psyche-list
On Tuesday 26 November 2002 09:33, Pavel Rozenboim wrote:
> Actually, I just successfully ftpd as root and fetched /etc/shadow with
> sftp.
A) thats as root. Root has access to all files.
B) if you can sftp in as root, you can also ssh in as root, and do much worse
than look at the shadow file.
Actually, I just successfully ftpd as root and fetched /etc/shadow with
sftp.
> -Original Message-
> From: Justin Zygmont [mailto:[EMAIL PROTECTED]]
> Sent: Tue, November 26, 2002 7:26 PM
> To: Randy Kelsoe
> Cc: [EMAIL PROTECTED]
> Subject: Re: Seeing who is logged in t
If you have root jailed users by configuring the ftpaccess file, but have
ssh installed, all they have to do is sftp in and go wherever they want.
It's a relief to know that at least they can't grab the shadow file too.
I just found a quck way to disable this however, in the
/etc/ssh/sshd_con
Ed Wilts wrote:
In many cases, ftp is *more* secure than sftp. With ftp, you have a lot
of control over who can do what through the ftpaccess file (in wu-ftpd).
With sftp, it's a free-for-all.
In very practical terms, the odds of anybody being able to sniff
passwords these days is very slim. T
On Tue, Nov 26, 2002 at 01:44:30AM -0600, Randy Kelsoe wrote:
> You should not be
> using ftp, though. Try sftp. With ftp, your passwords are sent in plain
> text.
In many cases, ftp is *more* secure than sftp. With ftp, you have a lot
of control over who can do what through the ftpaccess file
On 26 Nov 2002 02:28:04 -0500
Chris Kloiber <[EMAIL PROTECTED]> wrote:
>
> Not sure how to check who's in with ftp, but if you ssh in you can type:
>
> # who
for ftp use
#ftpwho
Kind regards
Kevin
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy
Dont forget the good old UNIX commandline of 'who'
The above will just give you a list of all the users currently connected
and their ttys/whatevers and then you can identify what processes that
tty is using by a ps -e |grep the tty/whatever.
> Thanks for the tip. I totally forgot how insecure f
Thanks for the tip. I totally forgot how insecure ftp is.
On Tue, 2002-11-26 at 02:44, Randy Kelsoe wrote:
> Joshua Melbourne White wrote:
>
> >I am extremely new to Linux and I am finally learning the power you can
> >have with Linux. I have SSH and FTP services running and I can log in
> >and
Joshua Melbourne White wrote:
I am extremely new to Linux and I am finally learning the power you can
have with Linux. I have SSH and FTP services running and I can log in
and whatever remotely which is awesome. However, how can I see who is
currently logged into my system? Is there any GUI pr
On Tue, 2002-11-26 at 02:15, Joshua Melbourne White wrote:
> I am extremely new to Linux and I am finally learning the power you can
> have with Linux. I have SSH and FTP services running and I can log in
> and whatever remotely which is awesome. However, how can I see who is
> currently logged i
I am extremely new to Linux and I am finally learning the power you can
have with Linux. I have SSH and FTP services running and I can log in
and whatever remotely which is awesome. However, how can I see who is
currently logged into my system? Is there any GUI program that shows
who is currentl
15 matches
Mail list logo
