[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: redhat-list Digest, Vol 23, Issue 9



-----Original Message-----
From: redhat-list-request redhat com
[mailto:redhat-list-request redhat com] 
Sent: Sunday, January 08, 2006 12:00 PM
To: redhat-list redhat com
Subject: redhat-list Digest, Vol 23, Issue 9

Send redhat-list mailing list submissions to
	redhat-list redhat com

To subscribe or unsubscribe via the World Wide Web, visit
	https://www.redhat.com/mailman/listinfo/redhat-list
or, via email, send a message with subject or body 'help' to
	redhat-list-request redhat com

You can reach the person managing the list at
	redhat-list-owner redhat com

When replying, please edit your Subject line so it is more specific than
"Re: Contents of redhat-list digest..."


Today's Topics:

   1. encrypt password for Kickstart (Kipp, Jim)
   2. RE: is this an intruder? (Bliss, Aaron)
   3. RE: is this an intruder? (Michael D. Berger)
   4. Re: encrypt password for Kickstart (Allen K. Smith)
   5. RE: encrypt password for Kickstart (Kipp, Jim)
   6. Re: is this an intruder? (Malcolm Kay)


----------------------------------------------------------------------

Message: 1
Date: Sat, 7 Jan 2006 13:35:02 -0500
From: "Kipp, Jim" <jkipp ingdirect com>
Subject: encrypt password for Kickstart
To: <redhat-list redhat com>
Message-ID:
	
<EC741B54812B5940AC1A6EFDFD011D0F03034205 ingdexj1 ingdirect com>
Content-Type: text/plain; charset="us-ascii"

Hi
I am preparing a kickstart cfg file for RHEL4.  I would like to encrypt
the root password using md5.  

"rootpw --iscrypted xxxxxxxxxxxxxx"

What is the recommended method for creating the MD5 hash to use in the
above line in the cfg file?

I checked the RH docs for kickstart but did not find anything pertaining
to this. 

Thanks for any suggestions.

Jim









************************************************************************
*****
This email may contain confidential or privileged information. If you
believe  you have received the message in error, please notify the
sender and delete the message without copying or disclosing it.
************************************************************************
*****




------------------------------

Message: 2
Date: Sat, 7 Jan 2006 14:25:12 -0500
From: "Bliss, Aaron" <ABliss preferredcare org>
Subject: RE: is this an intruder?
To: "'Stephen Carville'" <stephen totalflood com>,	General Red Hat
	Linux discussion list <redhat-list redhat com>
Message-ID:
	
<FFF3441ECA73784EAAAD9B8ABFB0CC2B242CB8 ms-win-s21 preferredcare org>
Content-Type: text/plain;	charset="iso-8859-1"

I would be careful of using the wheel group to allow ssh logins, as
admins
typically use this group in sudoers file to grant root access for
non-root
users; granting the wheel group ssh logins as well as root access is
essentially allowing root access over ssh anyway; although an outside
attacker would at least have to guess the non-root user's id and
password.

-----Original Message-----
From: Stephen Carville [mailto:stephen totalflood com] 
Sent: Saturday, January 07, 2006 9:40 AM
To: General Red Hat Linux discussion list
Subject: Re: is this an intruder?

Marty Landman wrote:

> Not sure if I'm reading this right as this is new to me but it appears

> someone in Denmark spent about 10 minutes trying a variety of userid's

> to start an ssh session on my network gateway.

Yep!  If you do not need ssh, your best defense is to disable it.

Otherwise.

Turn off root login and designate a group for oter ssh logins.  At home 
I just use "wheel."

in /etc/ssh/sshd_config

PermitRootLogin  no
AllowGroups      wheel

Restart sshd

Put you and anyone else who must have ssh access in the group wheel. 
Make sure they have good passwords.

Other possible changes are to only allow ssh protocol 2 and to change 
the external port.  Check 'Protocol", "Port" and ListenAddress" in man 
sshd_config.

-- 
Stephen Carville <stephen totalflood com>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
Power and Associates

Confidentiality Notice:
The information contained in this electronic message is intended for the
exclusive use of the individual or entity named above and may contain
privileged or confidential information.  If the reader of this message
is not the intended recipient or the employee or agent responsible to
deliver it to the intended recipient, you are hereby notified that
dissemination, distribution or copying of this information is
prohibited.  If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.




------------------------------

Message: 3
Date: Sat, 7 Jan 2006 15:58:22 -0500
From: "Michael D. Berger" <m d berger ieee org>
Subject: RE: is this an intruder?
To: "'General Red Hat Linux discussion list'" <redhat-list redhat com>
Message-ID: <000001c613cd$18ebae40$2801a8c0 MBRC40>
Content-Type: text/plain;	charset="us-ascii"

What about protocol 2 RSA PubkeyAuthentication?  Doesn't this
provide enough protection so that the selection of users and
groups is not important?
Mike.

--
Michael D. Berger
m d berger ieee org 

> -----Original Message-----
> From: redhat-list-bounces redhat com 
> [mailto:redhat-list-bounces redhat com] On Behalf Of Bliss, Aaron
> Sent: Saturday, January 07, 2006 2:25 PM
> To: 'Stephen Carville'; General Red Hat Linux discussion list
> Subject: RE: is this an intruder?
> 
> 
> I would be careful of using the wheel group to allow ssh 
> logins, as admins
> typically use this group in sudoers file to grant root access 
> for non-root
> users; granting the wheel group ssh logins as well as root access is
> essentially allowing root access over ssh anyway; although an outside
> attacker would at least have to guess the non-root user's id 
> and password.
> 
> -----Original Message-----
> From: Stephen Carville [mailto:stephen totalflood com] 
> Sent: Saturday, January 07, 2006 9:40 AM
> To: General Red Hat Linux discussion list
> Subject: Re: is this an intruder?
> 
> Marty Landman wrote:
> 
> > Not sure if I'm reading this right as this is new to me but 
> it appears 
> > someone in Denmark spent about 10 minutes trying a variety 
> of userid's 
> > to start an ssh session on my network gateway.
> 
> Yep!  If you do not need ssh, your best defense is to disable it.
> 
> Otherwise.
> 
> Turn off root login and designate a group for oter ssh 
> logins.  At home 
> I just use "wheel."
> 
> in /etc/ssh/sshd_config
> 
> PermitRootLogin  no
> AllowGroups      wheel
> 
> Restart sshd
> 
> Put you and anyone else who must have ssh access in the group wheel. 
> Make sure they have good passwords.
> 
> Other possible changes are to only allow ssh protocol 2 and to change 
> the external port.  Check 'Protocol", "Port" and 
> ListenAddress" in man 
> sshd_config.
> 
> -- 
> Stephen Carville <stephen totalflood com>
> Unix and Network Admin
> Nationwide Totalflood
> 6033 W. Century Blvd
> Los Angeles, CA 90045
> 310-342-3602
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
> 
> www.preferredcare.org
> "An Outstanding Member Experience," Preferred Care HMO Plans 
> -- J. D. Power and Associates
> 
> Confidentiality Notice:
> The information contained in this electronic message is 
> intended for the exclusive use of the individual or entity 
> named above and may contain privileged or confidential 
> information.  If the reader of this message is not the 
> intended recipient or the employee or agent responsible to 
> deliver it to the intended recipient, you are hereby notified 
> that dissemination, distribution or copying of this 
> information is prohibited.  If you have received this 
> communication in error, please notify the sender immediately 
> by telephone and destroy the copies you received.
> 
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 




------------------------------

Message: 4
Date: Sat, 7 Jan 2006 13:18:52 -0800
From: "Allen K. Smith" <lazlor bigboy lotaris org>
Subject: Re: encrypt password for Kickstart
To: General Red Hat Linux discussion list <redhat-list redhat com>
Message-ID: <3274F295-E6CD-48D9-B6FD-122CCB1D83DB bigboy lotaris org>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed


openssl passwd -1


On Jan 7, 2006, at 10:35 AM, Kipp, Jim wrote:

> Hi
> I am preparing a kickstart cfg file for RHEL4.  I would like to  
> encrypt
> the root password using md5.
>
> "rootpw --iscrypted xxxxxxxxxxxxxx"
>
> What is the recommended method for creating the MD5 hash to use in the
> above line in the cfg file?
>
> I checked the RH docs for kickstart but did not find anything  
> pertaining
> to this.
>
> Thanks for any suggestions.
>
> Jim
>
>
>
>
>
>
>
>
>
> **********************************************************************

> *******
> This email may contain confidential or privileged information. If  
> you believe
>  you have received the message in error, please notify the sender  
> and delete
> the message without copying or disclosing it.
> **********************************************************************

> *******
>
>
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list



------------------------------

Message: 5
Date: Sat, 7 Jan 2006 19:41:40 -0500
From: "Kipp, Jim" <jkipp ingdirect com>
Subject: RE: encrypt password for Kickstart
To: "General Red Hat Linux discussion list" <redhat-list redhat com>
Message-ID:
	
<EC741B54812B5940AC1A6EFDFD011D0F0134BDF3 ingdexj1 ingdirect com>
Content-Type: text/plain; charset="iso-8859-1"

Thanks, did find this on google. sorry for the wasted question
 

________________________________

From: redhat-list-bounces redhat com on behalf of Allen K. Smith
Sent: Sat 1/7/2006 4:18 PM
To: General Red Hat Linux discussion list
Subject: Re: encrypt password for Kickstart




openssl passwd -1


On Jan 7, 2006, at 10:35 AM, Kipp, Jim wrote:

> Hi
> I am preparing a kickstart cfg file for RHEL4.  I would like to 
> encrypt
> the root password using md5.
>
> "rootpw --iscrypted xxxxxxxxxxxxxx"
>
> What is the recommended method for creating the MD5 hash to use in the
> above line in the cfg file?
>
> I checked the RH docs for kickstart but did not find anything 
> pertaining
> to this.
>
> Thanks for any suggestions.
>
> Jim
>
>
>







************************************************************************
*****
This email may contain confidential or privileged information. If you
believe
 you have received the message in error, please notify the sender and
delete 
the message without copying or disclosing it.
************************************************************************
*****


------------------------------

Message: 6
Date: Mon, 9 Jan 2006 02:38:16 +1030
From: Malcolm Kay <malcolm kay internode on net>
Subject: Re: is this an intruder?
To: redhat-list redhat com
Cc: "Bliss, Aaron" <ABliss preferredcare org>
Message-ID: <200601090238 16300 malcolm kay internode on net>
Content-Type: text/plain;  charset="iso-8859-1"

On Sun, 8 Jan 2006 05:55 am, Bliss, Aaron wrote:
> I would be careful of using the wheel group to allow ssh
> logins, as admins typically use this group in sudoers file to
> grant root access for non-root users; granting the wheel group
> ssh logins as well as root access is essentially allowing root
> access over ssh anyway; although an outside attacker would at
> least have to guess the non-root user's id and password.
>
> -----Original Message-----
> From: Stephen Carville [mailto:stephen totalflood com]
> Sent: Saturday, January 07, 2006 9:40 AM
> To: General Red Hat Linux discussion list
> Subject: Re: is this an intruder?
>
> Marty Landman wrote:
> > Not sure if I'm reading this right as this is new to me but
> > it appears someone in Denmark spent about 10 minutes trying
> > a variety of userid's to start an ssh session on my network
> > gateway.
>
> Yep!  If you do not need ssh, your best defense is to disable
> it.
>
> Otherwise.
>
> Turn off root login and designate a group for oter ssh logins.
>  At home I just use "wheel."
>

This sounds dangerous -- wheel is normally an alternative to the
root group introduced for compatibility with some forms of BSD 
where it is the base privileged group.

Malcolm Kay

> in /etc/ssh/sshd_config
>
> PermitRootLogin  no
> AllowGroups      wheel
>
> Restart sshd
>
> Put you and anyone else who must have ssh access in the group
> wheel. Make sure they have good passwords.
>
> Other possible changes are to only allow ssh protocol 2 and to
> change the external port.  Check 'Protocol", "Port" and
> ListenAddress" in man sshd_config.
>



------------------------------

__
redhat-list mailing list
Unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

End of redhat-list Digest, Vol 23, Issue 9
******************************************
 
 
 
Peter Baron  
Senior UNIX Administrator
InterDigital Communications Corporation
2 Huntington Quadrangle
4th Floor, South Wing
Melville, NY 11747-4508
Tel.: +1 631.622.4295
Fax: +1 631.622.0101
Email: Peter Baron InterDigital com
http://www.InterDigital.com

 
 
 This e-mail is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and/or otherwise protected from disclosure to anyone other than its intended recipient.  Unintended transmission shall not constitute waiver of any privilege or confidentiality obligation. If you received this communication in error, please do not review, copy or distribute it, notify me immediately by email, and delete the original message and any attachments. Unless expressly stated in this e-mail, nothing in this message or any attachment should be construed as a digital or electronic signature.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]