[21042] in North American Network Operators' Group
Re: Rootshell pages hacked
daemon@ATHENA.MIT.EDU (John P. Reddy)
Mon Nov 2 15:33:07 1998
Date: Mon, 02 Nov 1998 10:10:21 -0500
To: Adam Rothschild <asr@millburn.net>
From: "John P. Reddy" <jreddy@lightning.net>
Cc: nanog@merit.edu
In-Reply-To: <Pine.BSF.4.02A.9811020948190.7765-100000@thuule.pair.com>
At 09:51 AM 11/2/98 -0500, Adam Rothschild wrote:
>On Mon, 2 Nov 1998, Alex P. Rudnev wrote:
>
>> problem, UNIX one-time passwords are real problem. Another bad problem is
>> _the same UNIX password for all purposes_ - I can sniff your FTP password
>> and use it for SSH access (for example).
>
>Very true. Then again, FTP'ing in cleartext is kinda stupid in and of
>itself. Why not just FTP thru an SSH tunnel? Or, if you're up for
>an adventure (and a not-totally-complete(TM) spec), try the secure file
>xfer stuff in SSH2...
Or, for the unix-inclined, scp works rather well under SSH 1.2.x
--
My public PGP key may be found at http://www.lightning.net/~jreddy
John Patrick Reddy Sr. System Administrator
Lightning Internet Services, LLC. Tel.(516)248-8400x123
327 Sagamore Ave Pag.(888)935-2700
Mineola, NY 11501 Fax.(516)248-8897
