Subject: Re: automatic login
To: Wolfgang Rupprecht <wolfgang+gnus20020708T223412@wsrcc.com>
From: Greg A. Woods <woods@weird.com>
List: netbsd-users
Date: 07/09/2002 12:28:43
[ On , July 8, 2002 at 22:43:42 (-0700), Wolfgang Rupprecht wrote: ]
> Subject: Re: automatic login
>
>
> The part I found uncomfortable was that in each case there was an
> unencrypted set of root credentials laying around for the taking. If
> someone manages to copy that file, they could come in from the
> internet side as root.
It's safer to use /root/.shosts. You could also
The SSH.COM version of sshd2 allows "user@host" form in AllowUsers. In
combination with DenyUsers you could configure the target machine to
only allow root from certain hosts.
Hmmmm.... the SSH.COM version also has AllowSHosts:
AllowSHosts
This keyword can be followed by any number of host
name patterns, separated by commas, just as the
option AllowHosts. The entries in .shosts,
.rhosts, /etc/hosts.equiv and /etc/shosts.equiv are
ignored if they do not match one of the patterns
given here (if there are any).
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>