On Sat, Apr 07, 2001 at 02:53:13AM +0100, M. Drew Streib wrote:
> The net-net is:
>
> On the box accepting the connection w/o a password from another box with
> the private key, the security of the accepting box is _only_ as good as
> the account on the originating box.
Strike that "w/o a passwo
In article <005691001131455102L112*@MHS>, <[EMAIL PROTECTED]> wrote:
>chroot does nothing to hide uid 0. It makes a subdirectory appear as /,
>so you can give somebody access to /publicdirectory, and to them it's
>/... they can't cd out of that hierarchy to the rest of your filesystem.
>No h
[EMAIL PROTECTED]@[EMAIL PROTECTED] on 04/07/2001 06:57:14 AM
Sent by:[EMAIL PROTECTED]
To: [EMAIL PROTECTED]@SMTP
cc: [EMAIL PROTECTED]@SMTP
Subject: Re: Rsync: Re: password prompts
Classification:
Lachlan,
Thanks for the response! I haven't tried it yet, but does
;
I'm sure somebody like Martin could use this, run as nobody, to get a root shell, but
it would sure keep me out.
Tim Conway
[EMAIL PROTECTED]
303.682.4917
Philips Semiconductor - Colorado TC
1880 Industrial Circle
Suite D
Longmont, CO 80501
[EMAIL PROTECTED]@[EMAIL PROTECTED] on 04
On Sat, Apr 07, 2001 at 08:00:19PM +0100, L. Cranswick wrote:
> FTP and Rsync via SSH to update files - how many users do this?
> I don't think I have persuaded one person to do this - they all
> think it too inconvenient - too much new stuff to learn - and it
> takes discipline to stick with it.
Rob,
Thanks for the explanation!
Randy Kramer
Rob Russell wrote:
> chroot is the act of changing the root directory of a filesystem as it
> appears to the process. (man 1 chroot)
>
> So, if I make an [x]inetd entry that calls "chroot /var/ssh sshd" instead
> of sshd, then when inetd passes th
On Sat, 7 Apr 2001, Randy Kramer wrote:
> I don't think our descriptions are very different, but why, once you
> create the account with restricted file permission is it called
> "chrooted" -- does the user of the account think it's a root account, or
> is it just that it's his "root" account, as
On Sat, 7 Apr 2001, L. Cranswick wrote:
> > So I recompiled OpenSSH to use a different port, and have a different name
> > (BrokenSSH, or "bs" for short). I installed it on the receiving box in a
> > chrooted environment, configured its sshd_config and ran it through tcp
> > wrappers so that onl
Lachlan,
Thanks for the further response!
L. Cranswick wrote:
> (Sorry for previous Emails dated 1991 -
No problem!
> On a general discussion on using a passphrase/password based approach:
> A silly question from me. Why would you need both a public file
> and a passphrase?
As I understan
>
> > Indeed, the biggest reason to use an external ssh program is that it
> > makes security updates *someone else's* problem -- ideally someone who
> > cares and/or is good at it. ("Put all your eggs in one basket and
> > *watch that basket*" :-) Seriously, when an ssh bug comes up (and more
>
> Thanks for the response! I haven't tried it yet, but does ssh with a
> passphrase address your concern? If somebody steals your private key
> can it be used without the passphrase?
(Sorry for previous Emails dated 1991 - have to do this to
run an old freeware DOS scientific analysis program
On 7 Apr 2001, Mark W. Eichin wrote:
> Indeed, the biggest reason to use an external ssh program is that it
> makes security updates *someone else's* problem -- ideally someone who
> cares and/or is good at it. ("Put all your eggs in one basket and
> *watch that basket*" :-) Seriously, when an s
> >As for implementing ssh inside of rsync, I'd like to continue to reiterate
> >what a bad idea I think that is. Security is enough pain without worrying
Indeed, the biggest reason to use an external ssh program is that it
makes security updates *someone else's* problem -- ideally someone who
ca
Lachlan,
Thanks for the response! I haven't tried it yet, but does ssh with a
passphrase address your concern? If somebody steals your private key
can it be used without the passphrase?
Thanks,
Randy Kramer
PS: Thanks for the discussion. From what you've said and other things
I've heard befo
>Not fully understanding the ramifications of chroot (as a Linux newbie)
>I don't really know whether limiting someone's access by chrooting is
>any more effective than limiting his access based on privileges provided
>to his account.
Re: rsync, ssh, security and keeping hackers out. (just my
Hello Lachlan,
Lachlan Cranswick wrote:
> (Before waffling on a side tracked issue - there is still a
> request for good web based passwordless ssh tutorials)
I don't really have anything to offer -- I learned some about public /
private key systems over a lot of years starting with a signature
>As for implementing ssh inside of rsync, I'd like to continue to reiterate
>what a bad idea I think that is. Security is enough pain without worrying
>about every program carrying its own security model and implementation (and
>possible exploits).
What if such a feature was an optional module t
Hi Randy (and rsync list),
(Before waffling on a side tracked issue - there is still a
request for good web based passwordless ssh tutorials)
I must apologise as usual for poor elaboration of my
paranoia against passwordless ssh.
I roughly agree with your assessment. However, the thing that
On Fri, Apr 06, 2001 at 09:33:04PM -0400, Randy Kramer wrote:
> Now, I may be wrong in my understanding, but, for a moment, please
> assume I'm right. If I am right, and the security provided by a
> passwordless ssh connection is just as good as, for example, PGP (assume
> I'm right about that to
Lachlan,
Excuse me for jumping into this discussion, especially being something
of a newbie.
As I understand ssh without passwords, it is very secure because it is
based on a public / private key scheme, something like PGP. When you
set up a passwordless ssh system, you create a public and priv
Might there be a good set of tutorials on the web on
how to do this while minimizing the risk of exposing
systems as a consequence? (setup of private/public
identity files that minimize the risk of hackers getting
passwordless access to other remote machines).
I must admit hating the passwordl