Dva dotazy
Jaroslav Lukesh
lukesh na seznam.cz
Čtvrtek Prosinec 16 10:05:25 CET 1999
----------
| Odesílatel: Petr Novotny <Petr.Novotny na antek.cz>
|
| On 16 Dec 99, at 9:51, Korinek, Jan wrote:
|
| > NT maji implementovany prikazy rsh a rexec jeden je s autorizaci a
tudiz
| > nevhodny ale jeden je po zkonfigurovani .rhosts schopen prikaz provest
bez
| > asistence. Bohuzel mam zmatek v tom, ktery je ktery. Konfigurace
rhosts
| > nemuze obsahovat username, protoze ho NT neposilaji a zkolabovalo by
to.
| > Promyslete si, kdo k vam chodi na ten server a jak velka potencialni
dira
| > to muze byt.
|
| To bych fakt radsi pouzil nejakou ssh implementaci vygeneroval si
| keypair bez klice (vyborne! zajistil pristupovymi pravy) a posilal
| prikaz shutdown pres vyhrazeneho uzivatele (ktery nesmi vic nez
| shutdown). V pripade, ze dojde ke kompromitovani klice vidim, ze
| mi nekdo opakovane (ovsem korektne) shutdownoval system
| (zapisy v logu vsechny jsou) a klic proste vymenim za jiny.
No slo by to podle mne jeste tak, ze v batch profiles bude onen shutdown
pro uzivatele treba shutdown. Po zalogovani to shootne.
MAN SSH rika tohle:
Ssh implements the RSA authentication protocol automatically. The user
creates his/her RSA key pair by running ssh-keygen(1). This stores the
private key in .ssh/identity and the public key in .ssh/identity.pub in the
user's home directory. The user should then copy the identity.pub to
.ssh/authorized_keys in his/her home directory on the remote machine (the
authorized_keys file corresponds to the conventional .rhosts file, and has
one key per line, though the lines can be very long).
After this, the user can log in without giving the password
*************************************
Cili nebude prompt...
Jaroslav Lukesh, K-net
--------------------------------------------------
http://www.k-net.cz
Multimedia, Networking, Communications
Windows terminals, NC
computer hardware and software
--------------------------------------------------
Další informace o konferenci Linux