Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Oliver Block
June 8, 2006, 2:53 pm
rate this thread
Actually mounting remote filesystems via SSH makes those SSH server's local
files accessible to any local user on the SSH client in a way that an active
SSH session has not previously supported, in a way that SSH chroot cages for
casual SSH users would help protect against.
Not all sys-admins are smart enough to use shadow passwords and non-DES
passwords, leaving it possible for anyone with SSH access to run very
successful brute force cracking against the server's /etc/passwd file. And
because not all users are careful enough to keep their home directories set
to "user-only" access, or to use non-DES passwords and restrict read
permissions in .htpasswd files that are locally accessible in their web
repositories. And because there are easily a dozen other such attack
approaches which people are not sufficiently careful about, ranging from
syslogs to files kept in /tmp, including read access to MySQL databases
where user account informain may be stored, to read access to LDAP account
I've also seen way, way too many systems where user's files are generally
accessible, either deliberately for NFS access as a matter of policy, or
because some inexperienced system adminastrator has created their own set of
user account creation tools which used "mkdir /home/username" without using
a "umask before that step or "chmod 700" after that step to prevent general
access to new accounts.
I could go on, but I think that addresses most of my concerns.
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum