| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <3E3A53BD-F51E-4AC9-8A1A-CB8ABA878034@oav.net> Date: Thu, 1 Feb 2007 18:36:50 +0100 From: Xavier Beaudouin <kiwi@....net> To: Paul Schmehl <pauls@...allas.edu> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: (Psexec on *NIX) Le 1 févr. 07 à 17:48, Paul Schmehl a écrit : > --On Thursday, February 01, 2007 12:48:13 +0100 Knud Erik Højgaard > <kokanin@...il.com> wrote: > >>> something similar to PSExec under linux. >> >> ssh-keygen >> ssh-add >> for i in `cat serverlist` ; do ssh root@$i rm -rf / ; done >> > For anyone who follows these instructions, let me know. For a fee, > I'll help you get back up and running. :-) In general on most unix box you have in /etc/ssh/sshd_config : PermitRootLogin no People who use root login with ssh are dangerous, sudo exist or can be installed... Allowing direct root login even with SSH is IMHO stupid... My 0,02c /Xavier _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists