nanog mailing list archives

Re: Remote Shell


From: "Roeland M.J. Meyer" <rmeyer () mhsc com>
Date: Tue, 29 Sep 1998 01:17:55 -0700

I didn't come up with this one. But, for the truly security conscious, the
machine that has this kind of access has no lusers on it anyway. The hosts
that our customers are on are administered, not administrators. Besides,
for security reasons, only employees have shell accounts and even most of
them do not, only SAs and developers, on as-needed basis. Our NOC machines
don't even have developers (which is where this sort of thing would be done
from). I think it's a cute idea and I'm going to try it. BTW, everyone here
has WinNT as their workstation O/S. The Linux boxen are strictly servers,
even me.

At 01:16 AM 9/29/98 -0400, Adam D. McKenna wrote:
This will work if you have no passphrase on your RSA key.  This is a *really*
stupid thing to do, IMHO, especially to a root account, as anyone who manages
to get access to your ~/.ssh/identity file will be able to log into any host
that you have set this up on, without a password.  While it's a little more
secure than .rhosts authentication, the absence of any kind of
password/passphrase validation makes it (again IMHO) an undesirable option
for the security conscious.

--Adam
-----Original Message-----
From: Zachary McGibbon <mzac () uunet ca>
To: Roeland M.J. Meyer <rmeyer () mhsc com>
Cc: Benicio Miguel Sanchez Fuentes <bsanchez () alestra com mx>; NorthAm Net Ops
Grp List <nanog () merit edu>
Date: Tuesday, September 29, 1998 1:42 AM
Subject: Re: Remote Shell


You can perform 'rsh' type commands with ssh as well... here's an example:

/# ssh servername w
root@servername's password: <type password here>
10:45pm  up 19 days,  6:31,  2 users,  load average: 0.18, 0.11, 0.09
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
root     ttyp0    client            8:08pm  2:37m  0.27s  0.10s

You can also set up authorized keys on the server side.  In your home dir
on the server, go into the '.ssh' dir, and create a file called
'authorized_keys', then on your workstation, type 'ssh-keygen'.  In your
home dir, go into '.ssh' and take the contents of 'identity.pub' and copy
that to the 'authorized_keys' on the server side.  Then 'chmod 600
authorized_keys' on the server side.  Then it won't ask you for a password
when you ssh to that machine.  It's useful if you want to set this up as
a cronjob to do something on a remote machine.


On Mon, 28 Sep 1998, Roeland M.J. Meyer wrote:

Set up SSH <http://www.datafellows.com> and open port 22. I would NOT allow
plain ol' telnet over the Internet. SSH is free for non-commercial use and
works quite well under HP-UX.



At 01:32 PM 9/28/98 -0500, you wrote:
I need to give remote shell access to a user in a server (an HP-9000 k410
running HP-UX 10.10) connected to mine through a 3Com router, I have done
some investigation and what I have found is that I have to open port 514
for tcp, for some reason this did not work, so I opened (temporarily of
course) all the ports on the router....and it worked, but I don't want to
leave it like that, Does anyone know what port(s) I need to leave open to
allow the remote shells?

Is there any configuration needed other than the equiv.hosts and (or) the
.rhosts files ?

Thanks in advance for your answers

Benicio Sanchez
Network Operations Engineer
Alestra


_________________________________________________
Morgan Hill Software Company, Inc.
Colorado Springs, CO - Livermore, CA - Morgan Hill, CA
Domain Administrator
MHSC2-DOM and MHSC3-DOM
Administrative and Technical contact
____________________________________________
InterNIC Id: MHSC hostmaster (HM239-ORG)
e-mail: hostmaster () mhsc com
web -pages: http://www.mhsc.com/
____________________________________________
A group of politicians deciding to dump a President because his morals
are bad is like the Mafia getting together to bump off the Godfather for
not going to church on Sunday.
                -- Russell Baker



Zachary McGibbon
mzac () uunet ca


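
Added example, not part of the original thread: a passphrase-less key used for cron jobs, as described above, can be limited in `authorized_keys` with the `from=` and `command=` options, so that a copied `~/.ssh/identity` file is only good for one command from one host. The Python script below flags entries that lack those options; the sample file, its paths, addresses and key blobs are constructed, and lines starting with a number are treated as old-style RSA keys with no options.

```python
# Added example: audit authorized_keys entries for missing restrictions.
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # key-type tokens that start a key

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = """\
# keys for root on the server
ssh-rsa AAAAEXAMPLE1 root@workstation
from="10.0.0.5",command="/usr/local/bin/nightly-report",no-pty ssh-rsa AAAAEXAMPLE2 cron@workstation
command="echo a, b c" ssh-ed25519 AAAAEXAMPLE3 backup@noc
"""

def split_unquoted(text, seps, maxsplit=-1):
    """Split text on any char in seps that is outside double quotes."""
    parts, buf, quoted = [], [], False
    for i, ch in enumerate(text):
        if ch == '"' and (i == 0 or text[i - 1] != "\\"):
            quoted = not quoted
        if ch in seps and not quoted and maxsplit != 0:
            parts.append("".join(buf))
            buf = []
            maxsplit -= 1
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts

def audit(text, required=("from", "command")):
    """Return [(line_number, [missing option names])] for weak entries."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        first = line.split(None, 1)[0]
        if first.startswith(KEY_PREFIXES) or first.isdigit():
            names = []  # line starts with the key itself: no options at all
        else:
            field = split_unquoted(line, " \t", 1)[0]
            names = [o.split("=", 1)[0].lower() for o in split_unquoted(field, ",")]
        missing = [name for name in required if name not in names]
        if missing:
            findings.append((number, missing))
    return findings

if __name__ == "__main__":
    for number, missing in audit(SAMPLE):
        print(f"line {number}: key usable without {', '.join(missing)} restriction")
```
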

