Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 19 Jan 2000 16:53:50 +0200
From:      Marc Silver <marcs@is.co.za>
To:        Stephan van Beerschoten <stephanb@luna.nl>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: ssh-feature 'backdoor'
Message-ID:  <20000119165350.E8404@is.co.za>
In-Reply-To: <20000119154348.A6412@supra.rotterdam.luna.net>
References:  <20000119134325.J2167@supra.rotterdam.luna.net> <20000119155203.C8404@is.co.za> <20000119154348.A6412@supra.rotterdam.luna.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Ah ok -- I see what you mean.  I suppose another way you could kind of
prevent this is to use tcp_wrappers thereby being sure that only the
hosts you want can get into the box.  This doesn't help you if the box
is already hacked, but it can help if it isn't.

My two more cents...  

I'll keep quiet now and no offense meant by my earlier posts if you were
offended btw.  ;)

Cheers,
Marc

On Wed, Jan 19, 2000 at 03:43:48PM +0100, Stephan van Beerschoten wrote:
> On Wed, Jan 19, 2000 at 03:52:03PM +0200, Marc Silver wrote:
> > That should never happen if this line is in your sshd_config file:
> > 
> > PermitRootLogin no
> 
> Well, sure this line was there, but one of the kids who hacked it
> must have altered this default behaviour and placed the auth-file.
> 
> It was just to bring the auth-file thing to everyone's attention,
> because its not just the root account which can be abused like this..
> if a possible hacker placed an authorised_keys file (with his key) in
> any user's homedir, this account is permanently open for the hacker to
> logon to.
> 
> Just a note.
> -Steve
> 
> -- 
> Stephan van Beerschoten             Email: stephanb@luna.nl 
> Network Engineer                    Luna Internet Services 
>  PGP fingerprint 4557 9761 B212 FB4C  778D 3529 C42A 2D27


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000119165350.E8404>