nanog mailing list archives

Re: Rootshell pages hacked

From: Mikael Abrahamsson <swmike () swm pp se>
Date: Mon, 2 Nov 1998 20:19:46 +0100 (MET)

On Mon, 2 Nov 1998, John P. Reddy wrote:

At 09:51 AM 11/2/98 -0500, Adam Rothschild wrote:

On Mon, 2 Nov 1998, Alex P. Rudnev wrote:

problem, UNIX one-time passwords are real problem. Another bad problem is 
_the same UNIX password for all purposes_ - I can sniff your FTP password 
and use it for SSH access (for example).


Very true.  Then again, FTP'ing in cleartext is kinda stupid in and of
itself.  Why not just FTP thru an SSH tunnel?  Or, if you're up for
an adventure (and a not-totally-complete(TM) spec), try the secure file
xfer stuff in SSH2...


Or, for the unix-inclined, scp works rather well under SSH 1.2.x


You can also use some kind of terminal emulator and run zmodem over your
ssh session. Works wonders with newer SecureCRT for instance. Then you
also have resume if your download failes etc.

-----
Mikael Abrahamsson    email: swmike () swm pp se

Current thread:

Re: Rootshell pages hacked Adam D. McKenna (Nov 01)
- Re: Rootshell pages hacked Paul Vixie (Nov 01)
  - Re: Rootshell pages hacked Henry Linneweh (Nov 01)
- <Possible follow-ups>
- Re: Rootshell pages hacked Alex P. Rudnev (Nov 02)
  - Re: Rootshell pages hacked Adam Rothschild (Nov 02)
    - Re: Rootshell pages hacked John P. Reddy (Nov 02)
    - Re: Rootshell pages hacked Mikael Abrahamsson (Nov 02)
- Re: Rootshell pages hacked John Hawkinson (Nov 02)
- Re: Rootshell pages hacked Adam D. McKenna (Nov 02)
- Re: Rootshell pages hacked themonk (Nov 02)
- Re: Rootshell pages hacked Ryan Pavely (Nov 02)
  - Re: Rootshell pages hacked alex (Nov 02)
- Re: Rootshell pages hacked Alex P. Rudnev (Nov 05)
  - Re: Rootshell pages hacked Michael Freeman (Nov 05)
    - old s/key patch for SSH (was Re: Rootshell pages hacked) John Hensley (Nov 05)
    - Re: Rootshell pages hacked Alex P. Rudnev (Nov 05)
    - Re: Rootshell pages hacked Adam Rothschild (Nov 05)