Date: Fri, 28 Jan 2000 06:40:50 +0100 (MET) From: Marc SCHAEFER <schaefer@alphanet.ch> To: The Mad Scientist <madscientist@thegrid.net> Cc: freebsd-security@freebsd.org Subject: Re: sshd and pop/ftponly users incorrect configuration Message-ID: <Pine.LNX.4.10.10001280639290.10293-100000@vulcan.alphanet.ch> In-Reply-To: <4.1.20000127184450.0095b390@mail.thegrid.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 27 Jan 2000, The Mad Scientist wrote: > Thanks. So if I understand you correctly, if the user has no shell on the > system, they will only be able to fake their ident, yes? If they have an invalid shell, and sshd is running, and there is no DenyGroups directive, and the password is not locked, they can issue connections appearing from the attacked host, possibly bypassing logging (since those connections have IDENT == root), and possibly bypassing firewall rules. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.10001280639290.10293-100000>