lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 1 Feb 2007 18:36:50 +0100
From: Xavier Beaudouin <kiwi@....net>
To: Paul Schmehl <pauls@...allas.edu>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: (Psexec on *NIX)


Le 1 févr. 07 à 17:48, Paul Schmehl a écrit :

> --On Thursday, February 01, 2007 12:48:13 +0100 Knud Erik Højgaard  
> <kokanin@...il.com> wrote:
>
>>> something similar to PSExec under linux.
>>
>> ssh-keygen
>> ssh-add
>> for i in `cat serverlist` ; do ssh root@$i rm -rf / ; done
>>
> For anyone who follows these instructions, let me know.  For a fee,  
> I'll help you get back up and running.  :-)

In general on most unix box you have in /etc/ssh/sshd_config :

PermitRootLogin no

People who use root login with ssh are dangerous, sudo exist or can  
be installed...

Allowing direct root login even with SSH is IMHO stupid...

My 0,02c

/Xavier


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ