Full Disclosure mailing list archives
Re: Re: Any update on SSH brute force attempts?
From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 19 Oct 2004 00:56:39 -0500 (CDT)
On Mon, 18 Oct 2004, Raj Mathur wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1"Barrie" == Barrie Dempster <barrie () reboot-robot net> writes:Barrie> On Mon, 2004-10-18 at 06:41 -0500, Ron DuFresne wrote: >> Why not just disallow root logins directly, and force someone >> with a valid user account to su after getting a shell? It was >> my impression that was more standard, and if one has to allow >> remote root directly, at least restrict it to specific systems >> and users. All the places I have worked for forced the su >> after shell to root.. Barrie> I'm in agreement with this, as well as combining this with Barrie> use of sudo for common functions requiring root privs Barrie> (such as using tools requiring raw socks support for Barrie> instance) meaning you rarely have to become root and the Barrie> root account becomes slightly more difficult to Barrie> compromise. Using su forces the use of passwords, which are difficult to manage in a multi-admin scenario. For instance, you may have to give the root password to 3 different people (1 in each 8-hour shift). What happens when one of these people leaves the organisation? You change the root password and intimate the remaining two, as well as the replacement, of the new root password.
Not at all, if they are not on the list of admins that require root to do their jobs, whose processes include a way to routinly change the passwd, and distribute it in a secure manner <face to face>, then they don;t get the passwd fer root. Temp needs of root level access can be done through sudo or similiar tools, and limiting what those users have access to. anything more requires and admin to do the job and make sure it's done correctly. Oh, and the help desk is *not* on the list of those to whom the root passwd should be made available. They may end up distributing it over the phone or via e-mails to just about anyone that calls for access.... Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Any update on SSH brute force attempts?, (continued)
- Re: Any update on SSH brute force attempts? Kevin (Oct 15)
- Re: Any update on SSH brute force attempts? Frank Knobbe (Oct 16)
- Message not available
- Re: Any update on SSH brute force attempts? Jay Libove (Oct 16)
- Re: Re: Any update on SSH brute force attempts? Tim (Oct 16)
- RE: Re: Any update on SSH brute force attempts? Sean Crawford (Oct 16)
- Re: Any update on SSH brute force attempts? Kevin (Oct 15)
- Re: Any update on SSH brute force attempts? Dave Ewart (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Ron DuFresne (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Barrie Dempster (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Raj Mathur (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Barrie Dempster (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Ron DuFresne (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Ron DuFresne (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Dave Ewart (Oct 18)
- Re: Re: Re: Any update on SSH brute force attempts? Barrie Dempster (Oct 18)
- Re: Re: Re: Any update on SSH brute force attempts? Ronny Adsetts (Oct 19)
- Re: Re: Re: Any update on SSH brute force attempts? Barrie Dempster (Oct 19)
- Re: Re: Re: Any update on SSH brute force attempts? Ronny Adsetts (Oct 20)