VectorLinux

Author Topic: ssh weakness?  (Read 2125 times)

v12fairlane

  • Member
  • *
  • Posts: 29
ssh weakness?
« on: July 23, 2013, 01:05:26 am »

found this just before. a bit scary.

http://kernelcoffee.org/blog/2012/09/20/reminder-ssh-send-command-without-login/

how necessary is ssh as a system resource?
Logged

nightflier

  • Administrator
  • Vectorian
  • *****
  • Posts: 4083
Re: ssh weakness?
« Reply #1 on: July 23, 2013, 03:34:15 am »

SSH is a great tool for secure and versatile remote access. Not really scary at all :)

That said, if you don't plan on using it, there is no need to have it running. It is not enabled by default. You can check or control it by opening a terminal, becoming root, then issuing the command "vsrvset". Next, choose your runlevel (4 if you boot to GUI), and use the checkboxes for the services.
Logged

bigpaws

  • Vectorian
  • ****
  • Posts: 1869
Re: ssh weakness?
« Reply #2 on: July 23, 2013, 05:05:34 am »

I think I understand your question.

After reading your link, it would appear that an exploit
would be trivial.

In order for the command in the sample to run, the ssh
host has to have passwordless ssh set up. The procedure
is to create and share id keys, then change the default
configuration files to allow authentication without passwords.

As far as security of a system.

Anyone that has local access (able to physically touch the computer)
the game is basically over. All someone would need to do is to remove
the hard drive and place it in another system that can read the file system.
Then all files can be accessed. There is a little exception if you use whole
disk encryption and the system is not running.

Remote attacks involve more work to exploit a computer.

No system is secure. You need to weigh the benefits of trouble to the
user vs trouble logging in.

I hope some light was shed on the subject.

Bigpaws
Logged
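
Added example, not part of the thread or of VectorLinux: a shell check for the two preconditions Reply #2 describes, namely that the server accepts key authentication and that a key is installed for the account. The function names and the sample files are constructed for illustration; on a real host the inputs would typically be /etc/ssh/sshd_config and ~/.ssh/authorized_keys.

```shell
# Added example (not from the thread): check the preconditions for key-only SSH login.

# Print the global value of one sshd_config keyword ("unset" if absent). Keywords are
# case-insensitive, the first occurrence wins, and Match blocks are not evaluated.
sshd_setting() {  # usage: sshd_setting FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        { split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }
        key == want { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print "TOTAL UNRESTRICTED" for an authorized_keys file.
# A line that begins with the key type has no options (from=, command=, ...).
count_keys() {  # usage: count_keys FILE
    [ -r "$1" ] || { echo "0 0"; return 0; }
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        { total++ }
        $1 ~ /^(ssh-|ecdsa-|sk-)/ { bare++ }
        END { print total + 0, bare + 0 }
    ' "$1"
}

# "yes" if this config and key file together allow login with a key alone.
key_login_possible() {  # usage: key_login_possible SSHD_CONFIG AUTHORIZED_KEYS
    pubkey=$(sshd_setting "$1" PubkeyAuthentication)
    total=$(count_keys "$2" | cut -d' ' -f1)
    # An unset PubkeyAuthentication means the OpenSSH default, which is "yes".
    if [ "$pubkey" != "no" ] && [ "$total" -gt 0 ]; then echo yes; else echo no; fi
}

# Constructed sample files (not taken from any real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'passwordauthentication no' 'PasswordAuthentication yes' \
        'Match User backup' '    PubkeyAuthentication no' > "$d/sshd_config"
    printf '%s\n' 'ssh-ed25519 AAAAC3constructedkey alice@laptop' \
        'command="/usr/bin/uptime" ssh-rsa AAAAB3constructedkey mon' > "$d/authorized_keys"
    echo "PasswordAuthentication: $(sshd_setting "$d/sshd_config" PasswordAuthentication)"
    echo "keys (total unrestricted): $(count_keys "$d/authorized_keys")"
    echo "key-only login possible: $(key_login_possible "$d/sshd_config" "$d/authorized_keys")"
    rm -rf "$d"
}
demo
```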

v12fairlane

  • Member
  • *
  • Posts: 29
Re: ssh weakness?
« Reply #3 on: July 23, 2013, 01:58:36 pm »

thanks, that helps. i keep reading around the place that no one runs their install stock out of the box. what sort of modifications are made? or should i ask this in a new post?
Logged

bigpaws

  • Vectorian
  • ****
  • Posts: 1869
Re: ssh weakness?
« Reply #4 on: July 23, 2013, 05:13:34 pm »

This is fine. Normally you would start a new post.

I am not sure what you mean by stock.

If you are referring to a default install most newer users
choose that option, which is the recommended way to do
an installation. Then users add programs that are not
included in the installation.

Bigpaws
Logged

v12fairlane

  • Member
  • *
  • Posts: 29
Re: ssh weakness?
« Reply #5 on: July 23, 2013, 08:17:39 pm »

ok. cool. thanks for clarifying.
Logged