From owner-freebsd-security Wed Jan 19 6:54: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mercury.is.co.za (mercury.is.co.za [196.4.160.222])
	by hub.freebsd.org (Postfix) with ESMTP id 6F71A15159
	for ; Wed, 19 Jan 2000 06:53:54 -0800 (PST)
	(envelope-from marcs@is.co.za)
Received: from hermwas.is.co.za (hermwas.is.co.za [196.23.0.8])
	by mercury.is.co.za (8.9.3/8.9.3) with ESMTP id QAA23787;
	Wed, 19 Jan 2000 16:53:50 +0200
Received: (from marcs@localhost)
	by hermwas.is.co.za (8.9.3/8.9.3) id QAA12314;
	Wed, 19 Jan 2000 16:53:50 +0200 (SAT)
Date: Wed, 19 Jan 2000 16:53:50 +0200
From: Marc Silver
To: Stephan van Beerschoten
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ssh-feature 'backdoor'
Message-ID: <20000119165350.E8404@is.co.za>
References: <20000119134325.J2167@supra.rotterdam.luna.net> <20000119155203.C8404@is.co.za> <20000119154348.A6412@supra.rotterdam.luna.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
In-Reply-To: <20000119154348.A6412@supra.rotterdam.luna.net>
X-Operating-System: SunOS 5.6
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Ah ok -- I see what you mean. I suppose another way you could kind of
prevent this is to use tcp_wrappers, thereby being sure that only the
hosts you want can get into the box. This doesn't help you if the box
is already hacked, but it can help if it isn't.

My two more cents... I'll keep quiet now and no offense meant by my
earlier posts if you were offended btw. ;)

Cheers,
Marc

On Wed, Jan 19, 2000 at 03:43:48PM +0100, Stephan van Beerschoten wrote:
> On Wed, Jan 19, 2000 at 03:52:03PM +0200, Marc Silver wrote:
> > That should never happen if this line is in your sshd_config file:
> >
> > PermitRootLogin no
>
> Well, sure this line was there, but one of the kids who hacked it
> must have altered this default behaviour and placed the auth-file.
>
> It was just to bring the auth-file thing to everyone's attention,
> because it's not just the root account which can be abused like this..
> if a possible hacker placed an authorised_keys file (with his key) in
> any user's homedir, this account is permanently open for the hacker to
> log on to.
>
> Just a note.
> -Steve
>
> --
> Stephan van Beerschoten     Email: stephanb@luna.nl
> Network Engineer            Luna Internet Services
> PGP fingerprint 4557 9761 B212 FB4C 778D 3529 C42A 2D27
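
The thread's point is that a key file left in any account's home directory keeps that account open even with PermitRootLogin set to no. The following is an added example, not part of the original messages: an audit that walks every account in a passwd file and reports each public key whose fingerprint is not on an approved list. The function names (`fingerprint`, `audit`, `demo`) are hypothetical, and it assumes OpenSSH's one-key-per-line file format, the default key file names under `~/.ssh`, and a seven-field passwd file.

```python
import base64, hashlib, os, tempfile

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def fingerprint(line):
    """Return (SHA256 fingerprint, comment) for a key line, or None if no key is found."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):   # tokens before the key type are options
        if tok.startswith(KEY_TYPES):
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:              # not a key blob, keep scanning
                continue
            digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
            return "SHA256:" + digest.rstrip("="), " ".join(tokens[i + 2:])
    return None

def audit(passwd_path, approved, root="/"):
    """List (user, file, fingerprint, comment) for each key whose fingerprint is not approved."""
    findings = []
    with open(passwd_path) as fh:
        entries = [f for f in (l.rstrip("\n").split(":") for l in fh) if len(f) >= 7]
    for fields in entries:
        user, home = fields[0], fields[5]
        for name in ("authorized_keys", "authorized_keys2"):  # assumed default paths
            path = os.path.join(root, home.lstrip("/"), ".ssh", name)
            try:
                with open(path, errors="replace") as kf:
                    lines = [l.strip() for l in kf if l.strip() and l.strip()[0] != "#"]
            except OSError:                 # account has no such file
                continue
            for line in lines:
                fp, comment = fingerprint(line) or ("UNPARSED", line)
                if fp not in approved:
                    findings.append((user, path, fp, comment))
    return findings

def demo():
    """Constructed sample tree: alice's key is approved, the key under www's home is not."""
    good = "ssh-ed25519 %s alice@laptop" % base64.b64encode(b"constructed-1").decode()
    planted = 'from="*" ssh-rsa %s unknown@host' % base64.b64encode(b"constructed-2").decode()
    root = tempfile.mkdtemp()
    homes = {"alice": ("home/alice", good), "www": ("usr/local/www", planted)}
    with open(os.path.join(root, "passwd"), "w") as fh:
        for user, (home, key) in homes.items():
            fh.write("%s:*:1001:1001::/%s:/bin/sh\n" % (user, home))
            os.makedirs(os.path.join(root, home, ".ssh"))
            with open(os.path.join(root, home, ".ssh", "authorized_keys"), "w") as kf:
                kf.write(key + "\n")
    return audit(os.path.join(root, "passwd"), {fingerprint(good)[0]}, root)
```

On a live host the call would be `audit("/etc/passwd", approved)` with `approved` built from keys the administrator has verified; a changed `AuthorizedKeysFile` setting in sshd_config means other paths need checking as well.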