Date: Wed, 19 Jan 2000 13:36:13 -0800 (PST) From: net admin <admin@pacex.net> To: Marc Silver <marcs@is.co.za> Cc: Stephan van Beerschoten <stephanb@luna.nl>, freebsd-security@FreeBSD.ORG Subject: Re: ssh-feature 'backdoor' Message-ID: <Pine.BSF.4.10.10001191332040.97611-100000@almazs.pacex.net> In-Reply-To: <20000119165350.E8404@is.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
I am just going to sneak in to this thread and throw-in a question; I have read in the ssh docs that tcp_wrappers do not give any added security benefits is used with ssh, and some even suggested that best not to have tcp_wrappers with ssh????\ Please elucidate as to why tcp_wrappers would give added security when used with ssh. Just seeking more info I am not in the security list yet. Dan On Wed, 19 Jan 2000, Marc Silver wrote: > Ah ok -- I see what you mean. I suppose another way you could kind of > prevent this is to use tcp_wrappers thereby being sure that only the > hosts you want can get into the box. This doesn't help you if the box > is already hacked, but it can help if it isn't. > > My two more cents... > > I'll keep quiet now and no offense meant by my earlier posts if you were > offended btw. ;) > > Cheers, > Marc > > On Wed, Jan 19, 2000 at 03:43:48PM +0100, Stephan van Beerschoten wrote: > > On Wed, Jan 19, 2000 at 03:52:03PM +0200, Marc Silver wrote: > > > That should never happen if this line is in your sshd_config file: > > > > > > PermitRootLogin no > > > > Well, sure this line was there, but one of the kids who hacked it > > must have altered this default behaviour and placed the auth-file. > > > > It was just to bring the auth-file thing to everyone's attention, > > because its not just the root account which can be abused like this.. > > if a possible hacker placed an authorised_keys file (with his key) in > > any user's homedir, this account is permanently open for the hacker to > > logon to. > > > > Just a note. > > -Steve > > > > -- > > Stephan van Beerschoten Email: stephanb@luna.nl > > Network Engineer Luna Internet Services > > PGP fingerprint 4557 9761 B212 FB4C 778D 3529 C42A 2D27 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10001191332040.97611-100000>