[linux-elitists] pop/ftp and shell

Don Marti dmarti@zgp.org
Wed Mar 29 18:10:12 PST 2000


On Wed, Mar 29, 2000 at 05:41:39PM -0800, Derek Vadala wrote:

> I'm more worried about the compromise of plaintext passwords leading to
> the compromise of a shell account. 

If somebody can ftp in a new .ssh/authorized_keys, they can log in
without knowing the password for the shell account.  Make sure the
ftp accounts only have access to an area where they can't screw up
the system.

Rick Moen recommends ftp only for _outgoing_ file transfers from your
system: http://linuxmafia.com/pub/linux/security/ftp-daemons
and has compiled a list of ssh clients, some of which support
scp to let users put files up: 
http://linuxmafia.com/pub/linux/security/ssh-clients

-- 
Don Marti                Join the Great American GAS OUT.  Do not buy
dmarti@zgp.org            any gas from April 7, 2000 to April 7, 2002 
http://zgp.org/~dmarti/         
whois DM683      Except gas for burning GIFs: http://burnallgifs.org/




More information about the linux-elitists mailing list