[ale] I was hacked!
neal at mnopltd.com
neal at mnopltd.com
Mon Nov 4 20:38:10 EST 2019
Well, not allowing anyone to login as root anywhere except the physical
console tty does mean that at least you have some clue as to "Who the
heck is logged in"?
and if someone has done a sudo, you can track it back to an original
login.
Yer still hacked, but you may have someone to shoot.
On 2019-11-04 15:57, Byron Jeff via Ale wrote:
> I thought the same in the first minute, but realized that it doesn't
> add
> any operational security. If machine A, user B is compromised (B at A) and
> B's key's are used to login to B at C using keys, and B has sudo access,
> then it's
> trivial for the hacker to login to B at C, change B's password on C, then
> use
> it to gain root access on C.
>
> I almost start to wonder if passwordless keys really improve security.
>
> BAJ
>
> On Mon, Nov 04, 2019 at 04:10:41PM -0500, dj-pfulio via Ale wrote:
>> >> directly. Perhaps 2006? First thing I do on any new machine is
>> add an
>> >> account with sudo rights.
>> >
>> > I don't see the operational difference between ssh'ing into root (using a
>> > key) and ssh'ing into another account using a key and then sudo'ing to
>> > root. You're still getting into the machine via a key?
>> >
>>
>> 2 authentication levels seems to be better than 1, but everyone has
>> different requirements.
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
More information about the Ale
mailing list