[21031] in North American Network Operators' Group
Re: Rootshell pages hacked
daemon@ATHENA.MIT.EDU (Adam D. McKenna)
Mon Nov 2 10:36:07 1998
From: "Adam D. McKenna" <adam@flounder.net>
To: "Adam Rothschild" <asr@millburn.net>, <nanog@merit.edu>
Date: Mon, 2 Nov 1998 10:17:08 -0500

scp user@fromhost:file user@tohost:file
Enter passphrase for RSA key:

:)

The coolest thing about scp is that you don't have to be ON fromhost to copy
files between it and tohost. If passwords or RSA authentication passphrases
are needed you will be prompted for them by scp.

It's also interesting to note that there is no unix password needed for ssh
with RSA auth. Your password field in /etc/shadow can be "*" or "!" or
whatever your particular OS uses to signify an account which has a locked
password.

--Adam

-----Original Message-----
From: Adam Rothschild <asr@millburn.net>
To: nanog@merit.edu <nanog@merit.edu>
Date: Monday, November 02, 1998 10:05 AM
Subject: Re: Rootshell pages hacked

On Mon, 2 Nov 1998, Alex P. Rudnev wrote:
> problem, UNIX one-time passwords are real problem. Another bad problem is
> _the same UNIX password for all purposes_ - I can sniff your FTP password
> and use it for SSH access (for example).

Very true. Then again, FTP'ing in cleartext is kinda stupid in and of
itself. Why not just FTP thru an SSH tunnel? Or, if you're up for
an adventure (and a not-totally-complete(TM) spec), try the secure file
xfer stuff in SSH2...
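
Added example (not part of the original thread): a small Python audit for the situation the first message describes, listing accounts whose /etc/shadow password field is locked with "*" or "!" but which still have SSH public keys installed. It assumes OpenSSH-style authorized_keys lines; the sample entries and the helper names are constructed for illustration.

```python
# Added example; data below is constructed, helper names are hypothetical.
LOCK_MARKERS = ("*", "!")   # markers named in the message; your OS may differ
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def locked_users(shadow_text):
    """Users whose shadow password field begins with a lock marker."""
    users = set()
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[1].startswith(LOCK_MARKERS):
            users.add(fields[0])
    return users

def count_keys(authorized_keys_text):
    """Count key lines, skipping blanks and comments; options may precede the type."""
    count = 0
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            count += any(tok.startswith(KEY_TYPES) for tok in line.split())
    return count

def key_only_accounts(shadow_text, keys_by_user):
    """Map each locked-password user to its key count, when non-zero."""
    report = {}
    for user in sorted(locked_users(shadow_text)):
        n = count_keys(keys_by_user.get(user, ""))
        if n:
            report[user] = n
    return report

# Constructed sample data (not real hashes or keys).
SAMPLE_SHADOW = """\
root:$6$constructed$hashvalue:19000:0:99999:7:::
deploy:!:19000:0:99999:7:::
backup:*:19000:0:99999:7:::
olduser:!$6$constructed$hashvalue:19000:0:99999:7:::
"""
SAMPLE_KEYS = {
    "deploy": "# constructed\nssh-ed25519 AAAAconstructed deploy@ci\n",
    "olduser": 'from="10.0.0.1" ssh-rsa AAAAconstructed old@laptop\n'
               "ssh-rsa AAAAconstructed2 old@home\n",
    "root": "ssh-rsa AAAAconstructed root@console\n",
}

if __name__ == "__main__":
    for user, n in key_only_accounts(SAMPLE_SHADOW, SAMPLE_KEYS).items():
        print(f"{user}: password locked, {n} authorized key(s)")
```

On a real host the two inputs would be the contents of /etc/shadow and each user's authorized_keys file, read with sufficient privilege.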