Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
RE: [suse-security] connection via telnet, XServer, ssh
From: Peer Stefan (stefan.peertiwag.at)
Date: Wed Apr 16 2003 - 03:57:17 CDT
> From: Habichtsberg, R. [mailto:reinhard.habichtsbergunilux.de]
> Hi all,
> how do you estimate the security risk of the following situation:
> I log into a linux-server from a windows-client via telnet as
> normal user.
Why don't you use ssh? There are many nice windows ssh clients out there, putty for example.
> From the linux-server I start a x-session
> (command: konsole -display windows-client:0,0)
> to a x-server (MIXServer 5.6) on the windows-client.
> From this session I open a ssh-session to a second linux-server
> where I have to work as root (su -).
> Now, if I would scan the data between the windows PC and the
> could I read them not coded, particularly could I read the
> root password
> in plaintext?
Yes. The password is transmitted via X over the network, which isn't encrypted afaik.
But that's relatively easy to check - just sniff the network and try finding the passwort (or any other phrase you have entered on the console, e.g. something like echo "Find me in the sniffer log."
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here