Problems with Sudo
Michael R. Head
burner at suppressingfire.org
Thu Mar 15 18:28:28 UTC 2007
On Thu, 2007-03-15 at 08:16 -0400, Arthur H. Johnson II wrote:
> Technically, I have two SSH daemons running. The one exposed to the
> internet, running on port 9988, is configured to only allow "remoteuser"
> to log in.
>
> >From remote host to home.com:
> ssh -p 9988 remoteuser at home.com
> ssh localuser at localhost
>
> At that point, I'm on an entirely new tty. According to "w" and "who"
> I'm running as "localuser".
>
> As far as "why" its a personal security policy I've used since the
> beginning. An alternate SSH server operating on an alternate port,
> where only one unprivileged account is allowed to log in. From there,
> su to switch to real user.
How do you SCP to/from the machine?
To make your life easier, you might consider the ProxyCommand in
your .ssh/config files.
Also, you might consider port knocking if you're feeling very security
conscious: http://en.wikipedia.org/wiki/Port_knocking
> >
> --
> Arthur H. Johnson II <arthur at johnsonfamilymi.us>
>
>
--
Michael R. Head <burner at suppressingfire.org>
http://www.suppressingfire.org/~burner/
http://suppressingfire.livejournal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3189 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20070315/09a1c739/attachment.bin>
More information about the ubuntu-users
mailing list