Date: Fri, 4 Feb 2005 03:18:01 +0100
From: Danny Pansters <danny@ricin.com>
To: Gert Cuykens <gert.cuykens@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ssh default security risc
Message-ID: <200502040318.01703.danny@ricin.com>
In-Reply-To: <ef60af09050203175930a30af9@mail.gmail.com>
References: <ef60af09050203143220daf9f9@mail.gmail.com> <bf55966e0db107001d1dd92afb1e62e2@amadeus.demon.nl> <ef60af09050203175930a30af9@mail.gmail.com>
On Friday 4 February 2005 02:59, Gert Cuykens wrote:
> the engine to start. Enabling the ssh root is like having the remote
> car key that opens every door at once so you can get in to kick his
> butt :)

You're overlooking one crucial thing. The attacker isn't really interested in any user account (that would merely be a means); she's interested in the root account (that would be the prize).

Enabling ssh login as root, even though it goes through a port other than 22, or even a static ssh program with some weird predefined account (call it toor ;-), nonetheless opens a direct entry to the root account, which wouldn't have been there otherwise. I've seen quite a few whiz-bang admins at ISPs do just that. They think they can outsmart the attacker. Usually they won't.

Sure, they can brute-force a user account which does have ssh access also, but they're still one step ahead (and a good password policy is a big hurdle there). And is that user part of the wheel group (e.g. an admin)? If she ain't, the attacker is now two steps behind.

You also should note that rooted == rooted. All is over by then. Your box is completely unreliable. E.g. if an attacker can get physical access, forget it, assume he's in and everywhere.

Security is about layers and, in the best case, totally different context and access rights and what have you between those layers.

Dan
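The point of the message above is that the effective value of sshd's `PermitRootLogin` decides whether the root account is reachable directly. The following POSIX sh snippet is an added example, not code from the thread or from the OpenSSH project: it reports the effective `PermitRootLogin` setting of an `sshd_config` file, honouring two details of sshd's parser that are easy to get wrong when auditing by eye. For each keyword the first obtained value is used (so a later `PermitRootLogin no` does not override an earlier `yes`), and settings below a `Match` line apply only to matching connections, so the global scan stops there. The function names, the sample configs and the `unset` marker for "no global value present, compiled-in default applies" are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit the effective
# global PermitRootLogin value of an sshd_config file. Only the
# "Keyword argument" form is handled, which is how sshd_config is
# normally written.

effective_permit_root_login() {
    # $1: path to an sshd_config. Prints the effective value in lower
    # case, or "unset" when no global PermitRootLogin line exists.
    awk '
        # Lines below a Match block are conditional, so stop scanning there.
        tolower($1) == "match" { exit }
        # Skip blank lines and comments.
        /^[ \t]*#/ || NF == 0 { next }
        # sshd uses the FIRST occurrence of a keyword, so report it and stop.
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

audit_permit_root_login() {
    # $1: path to an sshd_config. Prints a one-line verdict and returns
    # 0 when root cannot log in directly with a password, 1 otherwise.
    v=$(effective_permit_root_login "$1")
    case "$v" in
        no)
            echo "$1: PermitRootLogin $v (no direct root entry over ssh)"
            return 0 ;;
        without-password|prohibit-password|forced-commands-only)
            echo "$1: PermitRootLogin $v (root reachable, but not by password)"
            return 0 ;;
        yes)
            echo "$1: PermitRootLogin $v (direct root entry over ssh)"
            return 1 ;;
        unset)
            echo "$1: PermitRootLogin unset (compiled-in default applies; verify it)"
            return 1 ;;
        *)
            echo "$1: PermitRootLogin '$v' (unrecognised value)"
            return 1 ;;
    esac
}

# Constructed sample configs for demonstration (not real host configs).
write_sample_configs() {
    # $1: directory to write into.
    printf 'Port 22\n# PermitRootLogin yes\nPermitRootLogin no\nPermitRootLogin yes\n' \
        > "$1/first-wins.conf"
    printf 'Port 2222\nMatch User backup\n    PermitRootLogin yes\n' \
        > "$1/only-in-match.conf"
    printf '   PermitRootLogin   Yes\n' > "$1/root-open.conf"
}

demo() {
    d=$(mktemp -d)
    write_sample_configs "$d"
    for f in "$d"/*.conf; do
        audit_permit_root_login "$f" || :
    done
    rm -rf "$d"
}

[ "${SSHD_AUDIT_NO_DEMO:-}" = "1" ] || demo
```

Running the script prints one verdict per sample: `first-wins.conf` reports `no` because the first non-comment occurrence wins, `only-in-match.conf` reports `unset` because the only setting sits inside a `Match` block, and `root-open.conf` reports `yes` despite the odd spacing and capitalisation. Pointing `audit_permit_root_login` at `/etc/ssh/sshd_config` gives the same check for a real host; a non-zero exit makes it usable from a cron job or a configuration test.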