On Thursday 08 February 2007 11:36:21 Les wrote:
> On Thu, 2007-02-08 at 13:36 +0800, edwardspl@xxxxxxxxxx wrote:
> > Les Mikesell wrote:
> > > edwardspl@xxxxxxxxxx wrote:
> > > > Tom Spec wrote:
> > > > > What do you mean by "solution"? Do you want to stop people from
> > > > > logging in when they have the correct password?
> > > > >
> > > > > You should make your passwords strong enough so that people
> > > > > cannot (easily) guess/hack them.
> > > > > Don't allow people to log in as root remotely.
> > > > > You can limit where people can log in from by using iptables.
> > > > >
> > > > > Tom
> > > >
> > > > If there is ssh-telnet service for user...
> > > > Then is there a solution to fix the problem of hack ( although
> > > > someone who knows the user's password, but they can't modify /
> > > > delete any profile files, so the user who can login to the server
> > > > next time again ) ?
> > > > eg : limit user profile ( user account ) ?
> > > > if so, how to do this ?
> > > >
> > > > Edward.
> > >
> > > I think the real solution is to teach your user that it is important
> > > not to let others know his password if he hasn't figured that out
> > > himself yet. And if others do need this access they should have
> > > their own accounts instead of being able to pretend to be someone
> > > else.
> >
> > Hello,
> >
> > But I think the user account ( profile files ) is also problem, so, I
> > want to know how limit the related files ( including the dot file ) !
> >
> > Edward.
> > --
>
> The only thing that the system "knows" about the user is the username
> and password. If those are correct, as far as the computer is concerned
> the person driving the keys is supposed to have that level of access.
> There are other security methods that could be installed and used, such
> as key cards, randomizer tokens to choose periodic random passwords in
> sync with a randomizer server, or personal ID things such as fingerprint
> scanners or even facial recognition to name a few. But these
> technologies are still quite new and the cost of implementing such
> scanners is quite high.
>
> Regards,
> Les H

Don't know if someone has already talked about it or not during the whole
thread.

But... what if the user account which was hacked had some ssh-keys on it
(.ssh/)? They might be stolen :-)

Just to keep this thread alive :-)

--
Regards,
Manuel Arostegui
Systems Technician
c/ Marques de Monteagudo 15, 4 - 28028 Madrid
Tel. 91.1838494 - Fax. 91.1838495 - http://www.artica.es
GNUPG Key http://www.artica.es/gnupg/marostegui.asc

This e-mail is confidential and intended solely for the person to whom it
is addressed. If you are not the intended recipient of this e-mail, or you
receive it in error, you are advised that any use, distribution, printing
or copying of this message is strictly prohibited. If you have received it
in error, please notify the sender of the message.