Remote Shell

Roeland M.J. Meyer rmeyer at mhsc.com
Tue Sep 29 08:17:55 UTC 1998 

I didn't come up with this one. But, for the truely security concious, the
machine that has this kind of access has no lusers on it anyway. The hosts
that our customers are on are administered, not administrators. Besides,
for security reasons, only employees have shell accounts and even most of
them do not, only SAs and developers, on as-needed basis. Our NOC machines
don't even have developers (which is where this sort of thing would be done
from). I think it's a cute idea and I'm going to try it. BTW, everyone here
has WinNT as their workstation O/S. The Linux boxen are strictly servers,
even me.

At 01:16 AM 9/29/98 -0400, Adam D. McKenna wrote:
>This will work if you have no passphrase on your RSA key.  This is a *really*
>stupid thing to do, IMHO, especially to a root account, as anyone who manages
>to get access to your ~/.ssh/identity file will be able to log into any host
>that you have set this up on, without a password.  While it's a little more
>secure than .rhosts authentication, the absence of any kind of
>password/passphrase validation makes it (again IMHO) an undesirable option
for
>the security conscious.
>
>--Adam
>-----Original Message-----
>From: Zachary McGibbon <mzac at uunet.ca>
>To: Roeland M.J. Meyer <rmeyer at mhsc.com>
>Cc: Benicio Miguel Sanchez Fuentes <bsanchez at alestra.com.mx>; NorthAm Net Ops
>Grp List <nanog at merit.edu>
>Date: Tuesday, September 29, 1998 1:42 AM
>Subject: Re: Remote Shell
>
>
>You can perform 'rsh' type commands with ssh as well... here's an example:
>
>/# ssh servername w
>root at servername's password: <type password here>
>10:45pm  up 19 days,  6:31,  2 users,  load average: 0.18, 0.11, 0.09
>USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
>root     ttyp0    client            8:08pm  2:37m  0.27s  0.10s
>
>You can also setup authorized keys on the server side.  In your home dir
>on the server, go into the '.ssh' dir, and create a file called
>'authorized_keys', then on your workstation, type 'ssh-keygen'.  In your
>home dir, go into '.ssh' and take the contents of 'identity.pub' and copy
>that to the 'authorized_keys' on the server side.  Then 'chmod 600
>authorized_keys' on the server side.  Then it won't ask you for a password
>when you ssh to that machine.  It's usefull if you want to set this up as
>a cronjob to do something on a remote machine.
>
>
>On Mon, 28 Sep 1998, Roeland M.J. Meyer wrote:
>
>> Set up SSH <http://www.datafellows.com> and open port 22. I would NOT allow
>> plain ol' telnet over the Internet. SSH is free for non-commercial use and
>> is works quite well under HP-UX.
>>
>>
>>
>> At 01:32 PM 9/28/98 -0500, you wrote:
>> >I need to give remote shell access to a user in a server (an HP-9000 k410
>> >running HP-UX 10.10) conected to mine through a 3Com router, I have done
>> >some investigation and what I have found is that I have to open port  514
>> >for tcp, for some reason this did not work, so I opened (temporarily of
>> >course) all the ports on the router....and it worked, but  I don´t want to
>> >leave it like that, Does anyone now what port(s)  I need to leave open to
>> >alow the remote shells?.
>> >
>> >Is there any configuration needed other than the equiv.hosts and (or) the
>> >.rhosts files ?
>> >
>> >Thanks in advance for your answers
>> >
>> >Benicio Sanchez
>> >Network Operations Engineer
>> >Alestra
>> >
>>
>> _________________________________________________
>> Morgan Hill Software Company, Inc.
>> Colorado Springs, CO - Livermore, CA - Morgan Hill,
>> CA
>> Domain Administrator
>> MHSC2-DOM and MHSC3-DOM
>> Administrative and Technical contact
>> ____________________________________________
>> InterNIC Id: MHSC hostmaster (HM239-ORG)
>> e-mail: <mailto:hostmaster at mhsc.com>mailto:hostmaster at mhsc.com

>> web -pages: <http://www.mhsc.com/>http://www.mhsc.com/
>> ____________________________________________
>> A group of politicians deciding to dump a President because his morals
>> are bad is like the Mafia getting together to bump off the Godfather for
>> not going to church on Sunday.
>>                 -- Russell Baker
>>
>
>
>Zachary McGibbon
>mzac at uunet.ca
>

_________________________________________________ 
Morgan Hill Software Company, Inc. 
Colorado Springs, CO - Livermore, CA - Morgan Hill,
CA                                    
Domain Administrator 
MHSC2-DOM and MHSC3-DOM
Administrative and Technical contact 
____________________________________________ 
InterNIC Id: MHSC hostmaster (HM239-ORG) 
e-mail: <mailto:hostmaster at mhsc.com>mailto:hostmaster at mhsc.com 
web -pages: <http://www.mhsc.com/>http://www.mhsc.com/ 
____________________________________________ 
A group of politicians deciding to dump a President because his morals
are bad is like the Mafia getting together to bump off the Godfather for
not going to church on Sunday.
                -- Russell Baker

More information about the NANOG mailing list