Rootshell pages hacked
John P. Reddy
jreddy at lightning.net
Mon Nov 2 15:10:21 UTC 1998
At 09:51 AM 11/2/98 -0500, Adam Rothschild wrote:
>On Mon, 2 Nov 1998, Alex P. Rudnev wrote:
>
>> problem, UNIX one-time passwords are real problem. Another bad problem is
>> _the same UNIX password for all purposes_ - I can sniff your FTP password
>> and use it for SSH access (for example).
>
>Very true. Then again, FTP'ing in cleartext is kinda stupid in and of
>itself. Why not just FTP thru an SSH tunnel? Or, if you're up for
>an adventure (and a not-totally-complete(TM) spec), try the secure file
>xfer stuff in SSH2...
Or, for the unix-inclined, scp works rather well under SSH 1.2.x
--
My public PGP key may be found at http://www.lightning.net/~jreddy
John Patrick Reddy Sr. System Administrator
Lightning Internet Services, LLC. Tel.(516)248-8400x123
327 Sagamore Ave Pag.(888)935-2700
Mineola, NY 11501 Fax.(516)248-8897
More information about the NANOG
mailing list