Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Re: Any update on SSH brute force attempts?
From: Ronny Adsetts <ronny.adsetts () amazinginternet com>
Date: Tue, 19 Oct 2004 11:00:22 +0100

Barrie Dempster said at 18/10/2004 15:39:
On Mon, 2004-10-18 at 14:01 +0100, Dave Ewart wrote:

Well yes, that's fair enough - however, allowing direct root access does
make certain things more straightforward, automated use of 'scp' etc.

Yeh, but theres only a select few people crazy enough to scp files into
places that require root access.

People that fall into the more sane side of security use less error
prone methods of updating configurations (which is what I'm guessing
your using scp here for). There are very few valid reasons to have
direct remote root access (so few I can't currently think of a one)
remote admin tasks can be carried out by means other than login in
directly as root.

How about where you have no local users except root - all other users are via LDAP or similar - and some catastrophe takes out your user DB? Allowing root ssh login will at least get you access to the box.

Allowing root ssh access but setting policy on its use seems a better option to me. And running jack the ripper on your password hashes of course.

Technical Director
Amazing Internet Ltd, London
t: +44 20 8607 9535
f: +44 20 8607 9536
w: www.amazinginternet.com

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]