MORE SSH Hacking: heads-up

Scot L. Harris webid at cfl.rr.com
Sun Aug 1 17:28:18 UTC 2004


On Sun, 2004-08-01 at 12:38, Jim Cornette wrote:
> Thanks for the tips on seting up remote users and using keys on critical 
> systems.
> 
> I used SSH only to get into a test machine w/ a crashing X. It seemed 
> extremely easy to get into the other computer. I knew the other 
> passwords to the computer I logged into, but still an easy process. I 
> didn't seem to be a real safe process w/ passwords allowed.
> 
> I don't normally  use SSH for my own computer systems. Transferring 
> files to one computer to another is more my use for remote machines. SSH 
> might be useful for remote admin, but walking to the other machine is 
> just as easy in a home network.
> 
> Thanks!
> 
> Jim

Another trick that can be used is port knocking.  Pretty neat idea. 
Send a series of connection attempts on different ports.  Software on
the server monitors the log files and when it sees the correct sequence
it opens up the port your application connects on.  Kind of a
combination lock for your server.

fwknop is one implementation of this.  

-- 
Scot L. Harris
webid at cfl.rr.com

your keyboard's space bar is generating spurious keycodes. 





More information about the users mailing list