Need ideas: moving stuff to server
Michael Hipp
Michael
Sat May 14 13:27:10 PDT 2005
David A. Bandel wrote:
> Don't make is easy, do you? But if you can ssh in then become root,
> what's the difference? If you're worried about dictionary attacks
> against ssh as root, why not just disable password logins and only allow
> via authorized_keys? That would fix several problems in one step.
I don't allow password logins nor do I allow root login. Only to bona
fide users and only with private keys. Forces the attacker to know a
*lot* to even begin to mount an attack.
> Otherwise, I'd say you need to get a root key from the other system onto
> your box as an authorized key, then put a script (mynewfile.sh) on the
> other box that would take as arguments: your IP, script name (full
> pathed on your box), path where you want the script to go, permissions
> for file. Then just: ssh server mynewfile.sh mybox /home/me/myscript
> /etc/init.d/myscript 755 <enter>
Ok, I can imagine a script that does such. But how do I cross the "su"
barrier. I issue a command on the client that starts a script on the
server with several params sent across. But the script is running as me.
How I enable it to do su things automatically?
Thanks,
Michael
More information about the Linux-users
mailing list