Full Disclosure mailing list archives

Re: Re: Re: Any update on SSH brute force attempts?
From: Barrie Dempster <barrie () reboot-robot net>
Date: Tue, 19 Oct 2004 11:47:56 +0100

On Tue, 2004-10-19 at 11:00 +0100, Ronny Adsetts wrote:
> How about where you have no local users except root - all other users are via
> LDAP or similar - and some catastrophe takes out your user DB? Allowing root
> ssh login will at least get you access to the box.
>
> Allowing root ssh access but setting policy on its use seems a better option
> to me. And running jack the ripper on your password hashes of course.


Firstly, your DB would be backed up so you could restore the system,
however ignoring that, and let's assume that for some reason we can't
restore, which I admit is possible.

You can configure your machine to fall back onto local password files in
the absence of the LDAP server, so I would keep a local user account
on the server for just such emergency scenarios.
This is in the situation where I can't get to the box locally, however I
always provision for local access either in person or via a third party
to any system I maintain, so I have never had to deal with this. Local
access is a must in order to retain reliable uptime in my opinion.

Multi-admin to me, means multi-access level, fine control and not giving
anyone more access than they require. I can see your point, but the
technology provisions for it.

(excellent domain/company name BTW)


Barrie Dempster (zeedo) - Fortiter et Strenue


[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

Attachment: signature.asc
Description: This is a digitally signed message part
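
A check for the setup described in the message above, added here as an illustration and not part of the original post: it confirms that passwd lookups fall back to local files when LDAP is unavailable, reads the global PermitRootLogin value, and lists local accounts that have a login shell. The sample files and the account name `rescue` are constructed, and the sshd_config check only looks at settings that appear before any Match block.

```shell
#!/bin/sh
# Added example; every file below is a constructed sample, not a real host.

# Print the sources listed for the passwd database in an nsswitch.conf.
passwd_sources() {
    awk '$1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Succeed if local files are reached when LDAP is down: "files" (or "compat")
# is listed and no earlier [UNAVAIL=return] action stops the lookup.
has_local_fallback() {
    for tok in $(passwd_sources "$1" | tr -d '[]' | tr 'A-Z' 'a-z'); do
        case "$tok" in
            files|compat) return 0 ;;
            unavail=return) return 1 ;;
        esac
    done
    return 1
}

# Print the global PermitRootLogin value (sshd uses the first occurrence),
# or "unset" if the keyword does not appear before any Match block.
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# List non-root accounts in a local passwd file that have a login shell.
local_login_accounts() {
    awk -F: '$3 != 0 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'passwd: files ldap' 'group:  files ldap' > "$demo/nsswitch.conf"
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$demo/sshd_config"
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
    'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
    'rescue:x:1000:1000:emergency admin:/home/rescue:/bin/sh' > "$demo/passwd"

has_local_fallback "$demo/nsswitch.conf" && echo "local fallback: yes"
echo "PermitRootLogin: $(root_login_setting "$demo/sshd_config")"
echo "local login accounts: $(local_login_accounts "$demo/passwd")"
```

To audit a real host, call the same functions on `/etc/nsswitch.conf`, `/etc/ssh/sshd_config` and `/etc/passwd`.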
