From owner-freebsd-questions  Sun May 27  6:30:12 2001
Message-ID: <3B110110.FF99F8EC@iowna.com>
Date: Sun, 27 May 2001 09:28:48 -0400
From: Bill Moran <wmoran@iowna.com>
To: David Banning <david@banning.com>
Cc: questions@FreeBSD.ORG
Subject: Re: security question
References: <200105260324.f4Q3OrH00551@d.tracker> <3B0FC0D0.28E01292@iowna.com> <20010527003923.A1691@yahoo.com>

David Banning wrote:

> > A similar scenario could occur with webmin or ftp. If you'd like to see
> > a demonstration, I'd be happy to arrange it, I've done it for other
> > folks to scare them into sanity.
> How does the demonstration go?

Basically, I set up three temporary machines (or set up a temp login on
one machine). We assume that I've cracked machine "A" and you then log in
to machine "B" via telnet from machine "C". I then show you that I've
sniffed your password and can now log into machine "B". To increase the
shock value, I can have you su to root via telnet, which then gives me
root access to machine "B".
For the total demonstration, I repeat the steps with ssh to show that
it's not possible to get passwords by sniffing ssh.
I've actually only given this demonstration once ... but the guy was
VERY surprised/impressed. I guess a lot of folks simply never consider
how easy it would be to do this.
(p.s. don't try this particular demo if you're running a switch because
it won't work.)

> > Weigh the cost vs. risk here. A free windows ssh client like putty
> > (http://www.chiark.greenend.org.uk/~sgtatham/putty/) makes you a fool
> > not to use ssh.
> 
> OK - I've got it, I've been using the telnet side. I'm just trying
> to figure out how to use SSH.

From the server side: if you're running FreeBSD later than 4.1.1 (which
I recommend) all you have to do is enter sshd_enable="YES" into
/etc/rc.conf
From another FreeBSD machine, enter "ssh machine.domain.com" to log in
remotely. From putty (or any other graphical client) enter the machine
name and click the pretty buttons.
It really works just like telnet (from a user perspective). It's just
that it encrypts everything.

Hope this helps.

-Bill
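
The server-side step above, turned into a check: an added example, not part of the original message, that audits a FreeBSD host's configuration for sshd being enabled and for cleartext login services still being offered. It assumes telnetd and ftpd are started from /etc/inetd.conf; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): audit rc.conf and
# inetd.conf for the cleartext-login exposure the message describes.

# Print the value of the last assignment of VAR in an rc.conf-style file.
rc_value() {  # usage: rc_value VAR FILE
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# rc.conf treats YES/TRUE/ON/1 (any case) as enabled.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|ON|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print uncommented inetd.conf services that send logins in cleartext.
# A commented entry has "#telnet" or "#" as its first field and is skipped.
cleartext_services() {  # usage: cleartext_services INETD_CONF
    awk '$1 == "telnet" || $1 == "ftp" || $1 == "login" ||
         $1 == "shell" || $1 == "exec" { print $1 }' "$1" | sort -u
}

# Return 0 only if sshd is enabled and no cleartext login service remains.
audit_remote_login() {  # usage: audit_remote_login RC_CONF INETD_CONF
    status=0
    if is_yes "$(rc_value sshd_enable "$1")"; then
        echo "ok:   sshd_enable is set in $1"
    else
        echo "FAIL: sshd_enable is not YES in $1"; status=1
    fi
    for svc in $(cleartext_services "$2"); do
        echo "FAIL: $svc enabled in $2 (passwords cross the wire unencrypted)"
        status=1
    done
    return $status
}

# Constructed sample files, so the example runs on any machine.
tmp=$(mktemp -d)
printf '%s\n' 'sshd_enable="YES"' > "$tmp/rc.conf"
printf '%s\n' '#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l' \
    'telnet stream tcp nowait root /usr/libexec/telnetd telnetd' > "$tmp/inetd.conf"
audit_remote_login "$tmp/rc.conf" "$tmp/inetd.conf" || echo "=> remediation needed"
rm -rf "$tmp"
```

On a real host, call `audit_remote_login /etc/rc.conf /etc/inetd.conf` instead of the sample files.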
