[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] ssh stopped working and can't login as root

Subject: Re: [cobalt-users] ssh stopped working and can't login as root
From: "Wayne Sagar" <shortfork@xxxxxxxxxxx>
Date: Fri Mar 1 18:10:02 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

WinSCP2 differentiates based on suffix rules, or lets you decide on a
case by case basis.

As usual Jeff, great reply! So if I understand correctly, WinSCP2 will letme choose between asskey and binary, similar to the way WSFTP will... Verycool!

We let customers manage their own sites via ftp.  We lock them to their
own directory path.  We separate email accounts from ftp accounts.

Very few websites have ever been defaced using ftp.  Most are defaced by
other exploits, usually aimed at "root" or "real" sites, not at virtual
sites such as those the RaQ uses.

I *think* this is also what I'm doing with sites. I only have a couple thatI am not the manager of and the only person who uploads anything to them. Itry to lock email accounts to a separate, non privlidged user.. Quickquestion relating to this. I keep FTP server off, unless I'm using it or ifsomeone else needs it. Which conveniently at this point is rare and I'mquite familiar with the users who need it.. But it is a problem at times.How much am I gaining in security by keeping it off. I see a number ofanonymous FTP attempts when it is on in my logs and, as always, lots ofprobes to port 21 at all times. Since getting hacked (by the bind deal abouta year ago) I've been probably a bit "paranoid" about security.. some wouldsay to obsession, am I ganing anything by keeping FTP server off most of thetime?

Related question.. How much risk is involved in giving shell access to avirtual site if I'm the only one that has access to that site.. ie I'm theadministrator of the virt? This would be so I could use Winscp2 instead ofFTP to administer that site? I could upload to the site as server admin withWinscp2 and then chown the files but sometimes there are 200 files that goup at one time and that would be an added hassle.

FP uploads via http, as does Netscape's browser.  FP can't require
sendmail, since it's designed to run on WinNT/2K, and most people don't
run sendmail on WinNT/2k.

Ahh.. I guess this is good, and bad all at the same time then. And I guess,since I need to offer it (FP) I'd rather not even know how it works and whatholes it opens, it'll just give me something else to fret about!


As always, thanks for all the good info Jeff!
Wayne




_________________________________________________________________

Join the world?s largest e-mail service with MSN Hotmail.http://www.hotmail.com

Follow-Ups:
- Re: [cobalt-users] ssh stopped working and can't login as root
  - From: Jeff Lasman

Prev by Date: Re: [cobalt-users] telnet-ing
Next by Date: [cobalt-users] Adding a 'Catch-all' email address to a user of a Virtual domain
Previous by thread: Re: [cobalt-users] ssh stopped working and can't login as root
Next by thread: Re: [cobalt-users] ssh stopped working and can't login as root

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index