North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Remote Shell
I didn't come up with this one. But, for the truely security concious, the machine that has this kind of access has no lusers on it anyway. The hosts that our customers are on are administered, not administrators. Besides, for security reasons, only employees have shell accounts and even most of them do not, only SAs and developers, on as-needed basis. Our NOC machines don't even have developers (which is where this sort of thing would be done from). I think it's a cute idea and I'm going to try it. BTW, everyone here has WinNT as their workstation O/S. The Linux boxen are strictly servers, even me. At 01:16 AM 9/29/98 -0400, Adam D. McKenna wrote: >This will work if you have no passphrase on your RSA key. This is a *really* >stupid thing to do, IMHO, especially to a root account, as anyone who manages >to get access to your ~/.ssh/identity file will be able to log into any host >that you have set this up on, without a password. While it's a little more >secure than .rhosts authentication, the absence of any kind of >password/passphrase validation makes it (again IMHO) an undesirable option for >the security conscious. > >--Adam >-----Original Message----- >From: Zachary McGibbon <[email protected]> >To: Roeland M.J. Meyer <[email protected]> >Cc: Benicio Miguel Sanchez Fuentes <[email protected]>; NorthAm Net Ops >Grp List <[email protected]> >Date: Tuesday, September 29, 1998 1:42 AM >Subject: Re: Remote Shell > > >You can perform 'rsh' type commands with ssh as well... here's an example: > >/# ssh servername w >[email protected]'s password: <type password here> >10:45pm up 19 days, 6:31, 2 users, load average: 0.18, 0.11, 0.09 >USER TTY FROM [email protected] IDLE JCPU PCPU WHAT >root ttyp0 client 8:08pm 2:37m 0.27s 0.10s > >You can also setup authorized keys on the server side. In your home dir >on the server, go into the '.ssh' dir, and create a file called >'authorized_keys', then on your workstation, type 'ssh-keygen'. In your >home dir, go into '.ssh' and take the contents of 'identity.pub' and copy >that to the 'authorized_keys' on the server side. Then 'chmod 600 >authorized_keys' on the server side. Then it won't ask you for a password >when you ssh to that machine. It's usefull if you want to set this up as >a cronjob to do something on a remote machine. > > >On Mon, 28 Sep 1998, Roeland M.J. Meyer wrote: > >> Set up SSH <http://www.datafellows.com> and open port 22. I would NOT allow >> plain ol' telnet over the Internet. SSH is free for non-commercial use and >> is works quite well under HP-UX. >> >> >> >> At 01:32 PM 9/28/98 -0500, you wrote: >> >I need to give remote shell access to a user in a server (an HP-9000 k410 >> >running HP-UX 10.10) conected to mine through a 3Com router, I have done >> >some investigation and what I have found is that I have to open port 514 >> >for tcp, for some reason this did not work, so I opened (temporarily of >> >course) all the ports on the router....and it worked, but I don�t want to >> >leave it like that, Does anyone now what port(s) I need to leave open to >> >alow the remote shells?. >> > >> >Is there any configuration needed other than the equiv.hosts and (or) the >> >.rhosts files ? >> > >> >Thanks in advance for your answers >> > >> >Benicio Sanchez >> >Network Operations Engineer >> >Alestra >> > >> >> _________________________________________________ >> Morgan Hill Software Company, Inc. >> Colorado Springs, CO - Livermore, CA - Morgan Hill, >> CA >> Domain Administrator >> MHSC2-DOM and MHSC3-DOM >> Administrative and Technical contact >> ____________________________________________ >> InterNIC Id: MHSC hostmaster (HM239-ORG) >> e-mail: <mailto:[email protected]>mailto:[email protected] >> web -pages: <http://www.mhsc.com/>http://www.mhsc.com/ >> ____________________________________________ >> A group of politicians deciding to dump a President because his morals >> are bad is like the Mafia getting together to bump off the Godfather for >> not going to church on Sunday. >> -- Russell Baker >> > > >Zachary McGibbon >[email protected] > _________________________________________________ Morgan Hill Software Company, Inc. Colorado Springs, CO - Livermore, CA - Morgan Hill, CA����������������������������������� Domain Administrator MHSC2-DOM and MHSC3-DOM Administrative and Technical contact ____________________________________________ InterNIC Id: MHSC hostmaster (HM239-ORG) e-mail: <mailto:[email protected]>mailto:[email protected] web -pages: <http://www.mhsc.com/>http://www.mhsc.com/ ____________________________________________ A group of politicians deciding to dump a President because his morals are bad is like the Mafia getting together to bump off the Godfather for not going to church on Sunday. -- Russell Baker
|