VectorLinux
October 23, 2014, 11:38:21 am *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to http://vectorlinux.com/forum1. The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
 
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: [1]
  Print  
Author Topic: ssh weakness?  (Read 1685 times)
v12fairlane
Member
*
Posts: 29


« on: July 23, 2013, 12:05:26 am »

found this just before. a bit scary.

http://kernelcoffee.org/blog/2012/09/20/reminder-ssh-send-command-without-login/

how necessary is ssh as a system resource?
Logged
nightflier
Administrator
Vectorian
*****
Posts: 4026



« Reply #1 on: July 23, 2013, 02:34:15 am »

SSH is a great tool for secure and versatile remote access. Not really scary at all Smiley

That said, if you don't plan using it, there is no need to have it running. It is not be enabled by default. You can check or control it by opening a terminal, becoming root, then issue command "vsrvset". Next, choose your runlevel (4 if you boot to GUI), and use the checkboxes for the services.
Logged
bigpaws
Vectorian
****
Posts: 1856


« Reply #2 on: July 23, 2013, 04:05:34 am »

I think I understand your question.

After reading your link, it would appear that an exploit
would be trivial.

In order for the command in the sample to run the ssh
host has to have passwordless ssh setup. The procedure
is to create and share id keys, then change the default
configuration files to allow authentication without passwords.

As far as security of a system.

Anyone that has local access (able to physically touch the computer)
the game is basically over. All someone would need to do is to remove
the hard drive and place it in another system that can read the file system.
Then all files can be accessed. There is a little exception if your use whole
disk encryption and the system is not running.

Remote attacks involve more work to exploit a computer.

No system is secure. You need to weigh the benefits of trouble to the
user vs trouble logging in.

I hope some light was shed on the subject.

Bigpaws
Logged
v12fairlane
Member
*
Posts: 29


« Reply #3 on: July 23, 2013, 12:58:36 pm »

thanks, that helps. i keep reading around the place that no one runs their install stock out of the box. what sort of modifications are made? or should i ask this in a new post?
Logged
bigpaws
Vectorian
****
Posts: 1856


« Reply #4 on: July 23, 2013, 04:13:34 pm »

This is  fine. Normally you would start a new post.

I am not sure what you mean by stock.

If you are referring to a default install most newer users
choose that option, which is the recommended way to do
an installation. Then users add programs that are not
included in the installation.

Bigpaws
Logged
v12fairlane
Member
*
Posts: 29


« Reply #5 on: July 23, 2013, 07:17:39 pm »

ok. cool. thanks for clarifying.
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!