nanog mailing list archives

Re: Rootshell pages hacked

From: "John P. Reddy" <jreddy () lightning net>
Date: Mon, 02 Nov 1998 10:10:21 -0500

At 09:51 AM 11/2/98 -0500, Adam Rothschild wrote:

On Mon, 2 Nov 1998, Alex P. Rudnev wrote:

problem, UNIX one-time passwords are real problem. Another bad problem is 
_the same UNIX password for all purposes_ - I can sniff your FTP password 
and use it for SSH access (for example).


Very true.  Then again, FTP'ing in cleartext is kinda stupid in and of
itself.  Why not just FTP thru an SSH tunnel?  Or, if you're up for
an adventure (and a not-totally-complete(TM) spec), try the secure file
xfer stuff in SSH2...


Or, for the unix-inclined, scp works rather well under SSH 1.2.x

--
My public PGP key may be found at http://www.lightning.net/~jreddy
John Patrick Reddy                        Sr. System Administrator
Lightning Internet Services, LLC.         Tel.(516)248-8400x123
327 Sagamore Ave                          Pag.(888)935-2700
Mineola, NY 11501                         Fax.(516)248-8897

Current thread:

Re: Rootshell pages hacked Adam D. McKenna (Nov 01)
- Re: Rootshell pages hacked Paul Vixie (Nov 01)
  - Re: Rootshell pages hacked Henry Linneweh (Nov 01)
- <Possible follow-ups>
- Re: Rootshell pages hacked Alex P. Rudnev (Nov 02)
  - Re: Rootshell pages hacked Adam Rothschild (Nov 02)
    - Re: Rootshell pages hacked John P. Reddy (Nov 02)
    - Re: Rootshell pages hacked Mikael Abrahamsson (Nov 02)
- Re: Rootshell pages hacked John Hawkinson (Nov 02)
- Re: Rootshell pages hacked Adam D. McKenna (Nov 02)
- Re: Rootshell pages hacked themonk (Nov 02)
- Re: Rootshell pages hacked Ryan Pavely (Nov 02)
  - Re: Rootshell pages hacked alex (Nov 02)
- Re: Rootshell pages hacked Alex P. Rudnev (Nov 05)
  - Re: Rootshell pages hacked Michael Freeman (Nov 05)
    - old s/key patch for SSH (was Re: Rootshell pages hacked) John Hensley (Nov 05)
    - Re: Rootshell pages hacked Alex P. Rudnev (Nov 05)

(Thread continues...)