Full Disclosure mailing list archives
Re: Re: Re: Any update on SSH brute force attempts?
From: Ronny Adsetts <ronny.adsetts () amazinginternet com>
Date: Wed, 20 Oct 2004 10:56:47 +0100
Barrie Dempster said at 19/10/2004 11:47:
> Firstly, your DB would be backed up so you could restore the system, however ignoring that, and let's assume that for some reason we can't restore, which I admit is possible.
Yeah, the DB would be backed up. That's slightly different to getting remote access when the user DB is unavailable for whatever reason.
> You can configure your machine to fall back onto local password files in the absence of the LDAP server, so I would keep a local user account on the server for just such emergency scenarios.
Exactly. Fall back to the local passwd is exactly what I was saying. Using the root user in this case rather than a separate local user just means one less thing to maintain - you always have a local root anyway.
Setting up the box with a long enough random password. Big letters "In case of Emergency only".
Or, like many have suggested, allow root access with keys only.
> This is in the situation where I can't get to the box locally, however I always provision for local access either in person or via a third party to any system I maintain, so I have never had to deal with this. Local access is a must in order to retain reliable uptime in my opinion.
Local tty access may be a 3 hour drive to the datacenter. Hands on help from many datacenters gives you reboots only (depending whose shift it is).
> Multi-admin to me, means multi-access level, fine control and not giving any one more access than they require. I can see your point, but the technology provisions for it.
Of course, many layers, minimal access. <shrug> It's a preference thing really. I don't see that allowing remote root ssh access gives much away provided the password owners and the password are trusted.
> (excellent domain/company name BTW)
Thanks. We spent ages trying to come up with something snappy, etc., and I think we'd just seen one too many things on the 'net that brought about the reaction of "That's amazing!". Like the guy with the computer controlled Christmas lights that you can control from his website... and the Big Red Button. Heh.
Ronny
--
Technical Director
Amazing Internet Ltd, London
t: +44 20 8607 9535
f: +44 20 8607 9536
w: www.amazinginternet.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
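As an added example (not part of the original message or the thread), a small Python check of which of the two root-access options discussed above, an emergency root password or keys only, an sshd_config text actually yields. The function names and sample configs are constructed, and the defaults are assumed to be those of current OpenSSH.

```python
# Added example: how may root log in, according to an sshd_config text?
DEFAULTS = {  # assumed: defaults of current OpenSSH (older releases: root "yes")
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(text):
    """Return (effective global settings, keywords set inside Match blocks)."""
    seen, overridden, in_match = {}, set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())  # case-insensitive
        if key == "match":
            in_match = True
        elif in_match:
            overridden.add(key)
        elif len(parts) > 1:
            seen.setdefault(key, parts[1].lower())  # sshd keeps the first value
    return {**DEFAULTS, **seen}, overridden

def root_login_mode(text):
    """Return (mode, True if a Match block may change the root policy)."""
    cfg, overridden = parse_global(text)
    prl = cfg["permitrootlogin"]
    if prl == "no":
        mode = "disabled"
    elif prl in ("prohibit-password", "without-password"):
        mode = "keys-only"  # password and keyboard-interactive refused for root
    elif prl == "forced-commands-only":
        mode = "forced-commands-only"
    elif prl != "yes":
        raise ValueError(f"unknown PermitRootLogin value: {prl}")
    elif "yes" in (cfg["passwordauthentication"], cfg["kbdinteractiveauthentication"]):
        mode = "password"  # keyboard-interactive can still prompt for a password
    else:
        mode = "keys-only"
    return mode, "permitrootlogin" in overridden

# Constructed sample configs, not taken from any real host.
EMERGENCY_PASSWORD = "PermitRootLogin yes\nPasswordAuthentication yes\n"
KEYS_ONLY = "# root by key\npermitrootlogin without-password\nPermitRootLogin yes\n"
MATCH_OVERRIDE = "PermitRootLogin no\nMatch Address 10.0.0.0/8\n  PermitRootLogin yes\n"
if __name__ == "__main__":
    print([root_login_mode(c) for c in (EMERGENCY_PASSWORD, KEYS_ONLY, MATCH_OVERRIDE)])
```

A `True` in the second position means the global answer is not the whole story: a `Match` block sets `PermitRootLogin` for some connections and needs reading by hand.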