[21061] in North American Network Operators' Group
Re: Rootshell pages hacked
daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Mon Nov 2 20:30:12 1998
Date: Mon, 2 Nov 1998 20:19:46 +0100 (MET)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: nanog@merit.edu
In-Reply-To: <4.1.19981102100927.009f8100@localhost>
On Mon, 2 Nov 1998, John P. Reddy wrote:
> At 09:51 AM 11/2/98 -0500, Adam Rothschild wrote:
> >On Mon, 2 Nov 1998, Alex P. Rudnev wrote:
> >
> >> problem, UNIX one-time passwords are real problem. Another bad problem is
> >> _the same UNIX password for all purposes_ - I can sniff your FTP password
> >> and use it for SSH access (for example).
> >
> >Very true. Then again, FTP'ing in cleartext is kinda stupid in and of
> >itself. Why not just FTP thru an SSH tunnel? Or, if you're up for
> >an adventure (and a not-totally-complete(TM) spec), try the secure file
> >xfer stuff in SSH2...
>
> Or, for the unix-inclined, scp works rather well under SSH 1.2.x
You can also use some kind of terminal emulator and run zmodem over your
ssh session. Works wonders with newer SecureCRT for instance. Then you
also have resume if your download failes etc.
-----
Mikael Abrahamsson email: swmike@swm.pp.se
