[linux-elitists] pop/ftp and shell

Rick Moen rick@linuxmafia.com
Wed Mar 29 18:11:45 PST 2000


Quoting Derek Vadala (derek@cynicism.com):

> The idea is that you corner off the pop and ftp because they send a
> password in clear text. That way if the pop/ftp account is compromised
> the damage is somewhat limited (i.e. that account can't be used to
> install root kits and the lot).

Funny, I've been brooding over the exact same problem.  It used to be 
a _huge_ problem for me when I lived above The CoffeeNet, because I
was on the same unswitched hub as public 10 & 100Base-T ports, where
people ran password sniffers frequently.

My candidate solution is as follows:  Recompile your pop and ftp daemons
to use a different authentication database, e.g. /etc/shadow.insecure .
Populate it for each user with dumbass password, e.g., "password".

Now, you can allow users in via sshd, confident that they'll not be
allowed to do make the usual idiot move of changing their ssh password
to match their pop/ftp one.  (The cracklib check won't allow them.)

Run ftpd so that the user is chrooted to ~.  Then, pretty much the only
security exposure is that the user might get his mail stolen.

(You can't stop the idiots from using as their ssh passwords what they
also use on other systems, but you _can_ set a password expiration
policy.)

-- 
Cheers,              "By reading this sentence, you agree to be bound by the 
Rick Moen             terms of the Internet Protocol, version 4, or, at your 
rick (at) linuxmafia.com   option, any later version."  -- Seth David Schoen




More information about the linux-elitists mailing list