Re: [Full-Disclosure] Re: Re: open telnet port
- To: ktabic <lists@xxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Re: Re: open telnet port
- From: Andrew Haninger <ahaning@xxxxxxxxx>
- Date: Thu, 9 Sep 2004 09:41:20 -0400
> How about, as a service to enable as you are updating SSH remotely from
> the other side of the country to fix the most recent security
> problem and need a backup system to get into the server in the event
> that something goes wrong?
Maybe it would work as well to start an ssh daemon on a high port,
log in on that high port, update the current sshd, start it up on port
22, log out of the high port, log in on port 22, and kill the high-port
sshd.
So,
[foo@xxxxxxx ~] sshd -p 6000
[bar@xxxxxxx ~] ssh foo@xxxxxxx -p 6000
[foo@xxxxxxx ~] [kill sshd running on port 22]
[foo@xxxxxxx ~] [make and install new sshd]
[foo@xxxxxxx ~] sshd
[bar@xxxxxxx ~] ssh foo@xxxxxxx
[kill sshd running on port 6000]
This would nearly eliminate any danger due to your insecure version of
sshd since it would be running on a non-standard port for a brief
period of time, and you would not be passing any passwords in the
clear.
-Andy
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
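
Added example, not part of the original message: the procedure above only works if a second sshd is really listening before the port-22 daemon is killed, and it leaves an extra daemon exposed if the last step is forgotten. The shell functions below check both conditions from `ss -ltnp` output; the function names and the sample listings are constructed for illustration, and ports 22 and 6000 are taken from the post.

```shell
#!/bin/sh
# Added example (not from the original message). Function names and the
# sample listings are constructed; ports 22 and 6000 come from the post.

# sshd_ports: read `ss -ltnp` output on stdin, print each TCP port that
# has an sshd listener, one per line, sorted and de-duplicated.
sshd_ports() {
    awk '/users:\(\("sshd"/ {
        n = split($4, part, ":")   # field 4 is local addr; port follows last ":"
        print part[n]
    }' | sort -nu
}

# can_stop PORT: succeed only if some other sshd listener would remain
# after the daemon on PORT is killed, so the remote admin is not locked out.
can_stop() {
    for p in $(sshd_ports); do
        [ "$p" != "$1" ] && return 0
    done
    return 1
}

# has_listener PORT: succeed if an sshd is listening on PORT. Run it for
# the fallback port at the end to catch a forgotten high-port daemon.
has_listener() {
    sshd_ports | grep -qx "$1"
}

# Constructed listing: both daemons up (after the fallback sshd is started).
sample_both() { cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*         users:(("sshd",pid=4410,fd=3))
LISTEN 0      128    [::]:6000          [::]:*            users:(("sshd",pid=4410,fd=4))
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*         users:(("master",pid=950,fd=13))
EOF
}

# Constructed listing: only the port-22 daemon is running.
sample_only22() { cat <<'EOF'
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
EOF
}

# On a live host (root is needed for ss to show process names):
#   ss -ltnp | can_stop 22       && echo "fallback present, safe to stop :22"
#   ss -ltnp | has_listener 6000 && echo "fallback sshd still running"
```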