
Re: Ssh2

 
Roger Baptiste
Honored Contributor

Ssh2

Hi,

Here is a scenario of security breach with ssh2, when there are users' home directories which have write permission for group/world.

UserA generates his public and private keys through the ssh-keygen2 command. To break into other user accounts, all he needs to do is to copy his public key file in that user's .ssh2 subdirectory and append an entry to the 'authorization' file pointing to his public key file. Once he has done this, he can simply log in as that user with ssh2.

For folks who have set up ssh2, can you please share your thoughts and guidelines you followed in setting up SSH2?

thanks
raj
Take it easy.
2 REPLIES
Peter Brimacombe
Frequent Advisor

Re: Ssh2

We use ssh2.

I think that it provides a useful level of security.

We are not worried about one legitimate user getting access to the account of another legitimate user.

I had looked at DCE, dfs and servers to do certification; it was scary. The central systems group didn't know anything about it, but they did support ssh (1) at the time, and ssh2 is working okay.
Dan Hetzel
Honored Contributor

Re: Ssh2

Hi Raj,

Allowing write permission for group/world in user directories is a security risk anyway, with or without ssh2.

For example, a user could create another .rhosts file, allowing him remote login from a given host without password.

A system will only be as secure as the weakest element. If you open the doors, don't be surprised that people walk in...

Best regards,

Dan
Everybody knows at least one thing worth sharing -- mailto:dan.hetzel@wildcroft.com
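
An audit for the condition discussed in this thread, as an added example that is not part of any poster's message: it reports home directories, `.ssh2` directories, `authorization` files and `.rhosts` files that group or other can write to. The function names are hypothetical; the paths are the ones named in the posts, and the passwd file is assumed to use the usual seven colon-separated fields.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Succeeds if the mode string of $1 has the group or other write bit set.
# -L follows symlinks so the target's permissions are what gets judged.
loose_write() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;   # char 6 = group w, char 9 = other w
        *) return 1 ;;
    esac
}

# Check one home directory and the trust files inside it.
# Prints one line per finding; returns 1 if anything was found.
audit_home() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh2" "$home/.ssh2/authorization" "$home/.rhosts"; do
        [ -e "$p" ] || continue
        if loose_write "$p"; then
            echo "WRITABLE-BY-GROUP/OTHER: $p"
            rc=1
        fi
    done
    return $rc
}

# Walk a passwd-format file ($1) and audit every home directory that exists.
audit_passwd() {
    status=0
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -d "$home" ] || continue
        audit_home "$home" || status=1
    done < "$1"
    return $status
}

# Run a full scan only when asked: sh audit.sh --scan
if [ "${1:-}" = "--scan" ]; then
    audit_passwd /etc/passwd
fi
```

A finding on the home directory itself matters even when `.ssh2` is mode 700, because whoever can write to the parent can rename or replace the subdirectory.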