Full Disclosure mailing list archives

Re: Re: Re: open telnet port


From: Andrew Haninger <ahaning () gmail com>
Date: Thu, 9 Sep 2004 09:41:20 -0400

How about, as a service to enable as you are updating SSH remotely from
the other side of the country to fix the most recent security
problem and need a backup system to get into the server in the event
that something goes wrong?
Maybe it would work as well to start an ssh daemon on a high port,
login on that high port, update the current sshd, start it up on port
22, logout of the high port, login on port 22, and kill the high-port
sshd.

So,

[foo@box.com ~] sshd -p 6000
[bar@xob.com ~] ssh foo@box.com -p 6000
[foo@box.com ~] [kill sshd running on port 22]
[foo@box.com ~] [make and install new sshd]
[foo@box.com ~] sshd
[bar@xob.com ~] ssh foo@box.com
[kill sshd running on port 6000]

This would nearly eliminate any danger due to your insecure version of
sshd since it would be running on a non-standard port for a brief
period of time, and you would not be passing any passwords in the
clear.

-Andy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
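
The sequence in the message above, as an added example (not part of the original mail) with a guard on each destructive step: a daemon is only killed when the current login arrived on the other port, so a mistake cannot lock the administrator out. The sshd path, the pid-file locations and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original mail. Paths and pid files are assumptions.
SSHD=${SSHD:-/usr/sbin/sshd}
ALT_PORT=${ALT_PORT:-6000}                      # high port used in the mail
ALT_PID=${ALT_PID:-/var/run/sshd-fallback.pid}  # assumed pid file for the fallback
MAIN_PID=${MAIN_PID:-/var/run/sshd.pid}         # assumed pid file for port 22

# Print the command instead of running it when DRY_RUN is set.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "+ $*"; else "$@"; fi; }

# Server-side port of the current login: 4th field of SSH_CONNECTION.
session_port() { set -- ${SSH_CONNECTION:-}; echo "${4:-none}"; }

# Validate the config, then start a second daemon on the high port.
start_fallback() {
    run "$SSHD" -t || return 1
    run "$SSHD" -p "$ALT_PORT" -o "PidFile=$ALT_PID"
}

# Replace the port-22 daemon, but only from a session on the fallback port.
# Arguments are the site-specific install command, e.g. `swap_main make install`.
swap_main() {
    if [ "$(session_port)" != "$ALT_PORT" ]; then
        echo "refusing: not logged in via port $ALT_PORT" >&2; return 1
    fi
    pid=$(cat "$MAIN_PID") || return 1
    run kill "$pid" || return 1
    run "$@" || return 1
    run "$SSHD" -t && run "$SSHD"
}

# Stop the fallback, but only after logging in again on port 22.
stop_fallback() {
    if [ "$(session_port)" != 22 ]; then
        echo "refusing: not logged in via port 22" >&2; return 1
    fi
    pid=$(cat "$ALT_PID") || return 1
    run kill "$pid"
}
```

Source the file and call `start_fallback`, `swap_main <install command>` and `stop_fallback` in that order, reconnecting between steps as in the mail; set `DRY_RUN=1` to print the commands without running them.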