[ale] Inetd Setup Question on RH6.2

John Mills john at mills-atl.com
Sun Dec 10 22:32:15 EST 2000


On Sat, 9 Dec 2000, Bob's ALE Mail wrote:
> James Kinney <jkinney at localnetsolutions.com> wrote:
> > If you use the openssh
> > rpms, they will install an /etc/rc.d/init.d/sshd init script for starting
> > and stopping based on run levels. This is a great way to run sshd.

> A really big con to invoking ssh from inetd is that it causes you to have
> to trust two more programs that could have Trojans added, inetd and
> inetd.conf.  These are prime targets for crackers and they then can invoke a
> Trojaned version of sshd (in a different location so that Tripwire or
> equivalent will not notice) that sucks up your password.  True, if someone has
> root access he can replace sshd as well but that seems less likely.

Thanks to you both for good points. I had actually built openssh and
openssl from their respective source tarballs, not installed from rpms. It
turns out this was obscuring my last problem - ssh failing to authenticate
properly. I also run PAM with shadowed MD5 passwords, and pam.d did not
have the authentication file installed for ssh. I copied forward one from
an older installation (which probably came out of an RPM which I then did
not use). I launch sshd from rc.local. Crude, I admit.

Regards
 - John Mills
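
The inetd.conf trust concern raised in the quoted reply above can be checked mechanically. The following is an added example, not part of the original thread: it resolves the binary each inetd.conf entry really executes (including daemons launched through the tcpd wrapper) and reports any that fall outside the set of paths an integrity checker watches. The monitored set, the tcpd daemon directory and the sample file are constructed assumptions.

```python
import os

# Assumption: paths covered by the integrity checker (Tripwire or equivalent).
MONITORED = {"/usr/sbin/tcpd", "/usr/sbin/sshd", "/usr/sbin/in.ftpd"}
# Assumption: directory tcpd was compiled to search for relative daemon names.
TCPD_DAEMON_DIR = "/usr/sbin"

# Constructed sample inetd.conf, not taken from the thread.
SAMPLE = """\
# service sock proto wait user server args
echo    stream tcp nowait root internal
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
ssh     stream tcp nowait root /usr/sbin/sshd sshd -i
ssh2    stream tcp nowait root /usr/sbin/tcpd /opt/alt/sbin/sshd -i
pop3    stream tcp nowait root /usr/local/libexec/ipop3d ipop3d
broken  stream tcp
"""

def effective_binary(fields):
    """Return the program that actually runs for one entry, or None if built in."""
    server, args = fields[5], fields[6:]
    if server == "internal":
        return None
    if os.path.basename(server) == "tcpd" and args:
        daemon = args[0]  # tcpd executes the daemon named by its argv[0]
        if daemon.startswith("/"):
            return daemon
        return os.path.join(TCPD_DAEMON_DIR, daemon)
    return server

def audit(text, monitored=MONITORED):
    """Return (line number, service, reason) for every entry worth a look."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            findings.append((lineno, fields[0], "malformed entry"))
            continue
        target = effective_binary(fields)
        if target is None:
            continue
        # Both the wrapper and the daemon it launches must be monitored.
        for path in dict.fromkeys((fields[5], target)):
            if os.path.normpath(path) not in monitored:
                findings.append((lineno, fields[0], "unmonitored binary " + path))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s: %s" % finding)
```
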
