Security/Hacked System - Now what?!!

bruce badouglas at gmail.com
Sun Dec 22 02:19:17 UTC 2013


Hi Wolfgang,

Ok, say you have a box that you want to remotely access. Never a need
to access the box via the gui/login.

And regarding the ssh/remote access, you specify public/private keys,
and you have the key process run from the key file. This allows a user
to be able to ssh into the box without having to use the ssh passwd,
but only from the corresponding box that has the associated public
(master/client) passwd/key setup to permit the login access.

But in this situation, if a user hacks into the 1st system, then they
have access to the 2nd system, assuming they know the 2nd system's
username. This would happen as the private/public key access file has
been setup!

Any way around this, or am I missing something...

I'm thinking that you could setup the user(s) on the client machine,
to restrict access/perms, but it still doesn't do anything about the
fact that once a user hacks into the parent machine, they then would
have access into the 2nd machine...

feedback welcome..



On Sat, Dec 21, 2013 at 9:06 PM, Wolfgang S. Rupprecht
<wolfgang.rupprecht at gmail.com> wrote:
>
> bruce <badouglas at gma il.com> writes:
>> You then mod SSH as required to disable root login
>> OK, what else should you do?
>
> Root login isn't a bad idea in and of itself.  More important is to not
> allow anything but public key logins (eg. ECDSA, RSA).  For people
> logging in with root credentials, give everyone a different public key
> and keep a secure copy of /var/log/secure on a secure system for
> backtracking breakins.   Each login (including root) will show which key
> was used to log in.  You can easily see who lost control of their key.
>
> I'm a firm believer in never allowing passwords logins over the net.
> Users will hardly ever use random-letter-upper-lower-number passwords.
> They always think they are oh so clever with easily guessed strung
> together words, with or without a punctuation char.
>
> -wolfgang
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org


More information about the users mailing list