[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] FTP Login as Root

Subject: Re: [cobalt-users] FTP Login as Root
From: "Richard E. Perlotto II" <richard@xxxxxxxxxxxx>
Date: Tue Jan 4 19:59:11 2000

It is never secure to login as root.  In fact unless you are using SSH, 
ALL your passwords are sent in the clear across the Internet.  The 
password is only stored in a one-way encrypted hash on the machine.  What
you type is clear text.  Anyone on the same network, or that is in-between
you and the machine could sniff all that you type.

These machines are not setup in the most secure manner possible, but most
of the patches have been loaded (on at least the one that I have).


Richard


> > Try removing root from the /etc/ftpusers file.  This will decrease the
> > security of the machine that you are using.  There should not be a good
> > reason to ftp anything as root.  You should be able to ftp the file as
> > a normal user, and then use su to become root and execute what you
> > need.
> 
> Hmm...., a question:
> Why is it more secure to login as root via telnet than via FTP? I don't understand this
> as the passwords are sent unencrypted, no
> matter how I login as root..., or am I wrong?
> 
> Thanks,
> Fathi

begin:vcard 
n:Perlotto;Richard
x-mozilla-html:FALSE
url:http://www.perlotto.com
org:Home
adr:;;;;;;
version:2.1
email;internet:richard@xxxxxxxxxxxx
x-mozilla-cpt:;-1
fn:Richard Perlotto
end:vcard

Prev by Date: [cobalt-users] HOW TO UPDATE SENDMAIL
Next by Date: Re: [cobalt-users] RAQ - Basic questions about host names.
Previous by thread: Re: [cobalt-users] FTP Login as Root
Next by thread: [cobalt-users] Users Pages..

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index