[CentOS] defense-in-depth possible for sshd?
Bent Terp
bent at terp.seTue Jan 10 13:55:45 UTC 2012
- Previous message: [CentOS] defense-in-depth possible for sshd?
- Next message: [CentOS] defense-in-depth possible for sshd?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Jan 10, 2012 at 2:49 PM, John Doe <jdmls at yahoo.com> wrote: > From: Bennett Haselton <bennett at peacefire.org> > > > On 1/10/2012 5:16 AM, John Doe wrote: > >> The sshd child is running as bob; so it has bob (and not root) > rights... > > > > Yes, I understand that. What I said was that if you could take complete > > control of the sshd process you were connecting to, even if that process > > was completely unprivileged, you could still make it say "Accept a login > > from 'root' with password 'foo'" and then log in as root. > > How would your bob owned child sshd take complete control of the > parent root owned sshd...? > > JD > > Or, if you simply WANT more layers, then deploy defense-in-depth in FRONT of sshd. VPN or port-knocking springs to mind BR Bent
- Previous message: [CentOS] defense-in-depth possible for sshd?
- Next message: [CentOS] defense-in-depth possible for sshd?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list