Re: [Full-Disclosure] Re: Re: open telnet port

From: Andrew Haninger (ahaninggmail.com)
Date: Thu Sep 09 2004 - 08:41:20 CDT


> How about, as a service to enable as you are updating SSH remotely from
> the other side of the country to fix the most recent security
> problem and need a backup system to get into the server in the event
> that something goes wrong?
Maybe it would work as well to start an ssh daemon on a high port,
log in on that high port, update the current sshd, start it up on port
22, log out of the high port, log in on port 22, and kill the high-port
sshd.

So,

[foobox.com ~] sshd -p 6000
[barxob.com ~] ssh foobox.com -p 6000
[foobox.com ~] [kill sshd running on port 22]
[foobox.com ~] [make and install new sshd]
[foobox.com ~] sshd
[barxob.com ~] ssh foobox.com
[foobox.com ~] [kill sshd running on port 6000]

This would nearly eliminate any danger due to your insecure version of
sshd since it would be running on a non-standard port for a brief
period of time, and you would not be passing any passwords in the
clear.

-Andy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
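
The sequence from the post above, as an added shell example that is not part of the original message: the same steps, with a config test before the port-22 daemon is stopped and a separate pidfile for the fallback daemon. The sshd path, the pidfile locations and the function names are assumptions; DRY_RUN=1 (the default) only prints the commands.

```sh
#!/bin/sh
# Added example (not from the original post): fallback-sshd upgrade steps.
# Usage on the server, as root:  DRY_RUN=0 sh upgrade.sh fallback|swap|cleanup
SSHD=${SSHD:-/usr/sbin/sshd}              # assumed path; invoke sshd by absolute path
TMP_PORT=${TMP_PORT:-6000}                # high port used in the post
TMP_PID=${TMP_PID:-/var/run/sshd_tmp.pid} # assumed: separate pidfile for the fallback
MAIN_PID=${MAIN_PID:-/var/run/sshd.pid}   # assumed pidfile of the port-22 daemon
DRY_RUN=${DRY_RUN:-1}

run() {  # print the command; execute it unless in dry-run mode
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

kill_pidfile() {  # stop the listening daemon whose pid is recorded in file $1
    if [ "$DRY_RUN" = 1 ]; then echo "+ kill \$(cat $1)"; return 0; fi
    [ -s "$1" ] || { echo "no pidfile $1" >&2; return 1; }
    kill "$(cat "$1")"   # stops the listener; already-open sessions stay up
}

start_fallback() {
    # Own pidfile, so the later cleanup cannot hit the port-22 daemon.
    run "$SSHD" -p "$TMP_PORT" -o "PidFile=$TMP_PID"
}

swap_main() {
    # Run after the new sshd is installed. -t only checks config and keys;
    # if it fails, the old port-22 daemon is left running.
    run "$SSHD" -t || { echo "config test failed; port 22 left alone" >&2; return 1; }
    kill_pidfile "$MAIN_PID" || return 1
    run "$SSHD"
}

stop_fallback() {
    # Only after a fresh login on port 22 has been confirmed.
    kill_pidfile "$TMP_PID"
}

case "${1:-}" in
    fallback) start_fallback ;;
    swap)     swap_main ;;
    cleanup)  stop_fallback ;;
esac
```

Run `fallback` from the existing session, log in on the high port, install the new build, run `swap`, confirm a new login on port 22, then run `cleanup`.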