SSH user without any rights on a server
Nils Kassube
kassube at gmx.net
Fri Jun 24 06:09:31 UTC 2011
Frank wrote:
> In order to open a reverse ssh connection between PC A and PC B, I'm
> using a "server in the middle", according to this guide [Real life
> example 2]
>
> http://toic.org/2009/01/18/reverse-ssh-port-forwarding/
>
> Everything works just fine. :-)
>
> Now, I'm concerned about the security risks involved in letting the
> server run with the SSH port open. The main purpose of this server is to
> run web and mail services.
Which security risks are you concerned about? For the intermediate
server or for your company? Be careful not to violate your company's
security policies.
> As a precaution, I did the following steps
[...]
> By the way, the password associated with "reverseuser" is very weak.
Maybe you should at least read the link about ssh basics referenced at
the end of the article. If you use password authentication with a weak
password, you just built a nice backdoor to your company network. I'm
not a security expert, but to me (with my limited knowledge) it seems to
be _very_ insecure.
> The reason for the whole thing is to be able to assist some friends
> on their Ubuntu laptops.
In this case I would suggest that your friends should install sshd and
let you log in for remote maintenance.
Nils
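
An added example, not part of the original thread: a small Python check of the sshd_config settings that apply to a tunnel-only account such as the "reverseuser" mentioned above. The four settings checked are this example's assumption of what such an account needs, the Match parsing is simplified, and both sample configurations are constructed.

```python
# Added example: audit the sshd_config settings that apply to one account.
# Simplified (assumption): only "Match User a,b" blocks with literal names are
# understood; wildcards, negation and other Match criteria are ignored.
DEFAULTS = {"passwordauthentication": "yes", "permittty": "yes",
            "allowtcpforwarding": "yes", "forcecommand": ""}  # OpenSSH defaults

def effective_settings(config_text, user):
    """Resolve the checked keywords for `user`: Match block over global section."""
    global_opts, match_opts = {}, {}
    target = global_opts  # section the current line belongs to
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = value.split()
            applies = (len(crit) == 2 and crit[0].lower() == "user"
                       and user in crit[1].split(","))
            target = match_opts if applies else None
        elif target is not None and key in DEFAULTS:
            target.setdefault(key, value)  # first value in a section wins
    return {**DEFAULTS, **global_opts, **match_opts}

def audit(config_text, user):
    """List settings that give a tunnel-only account more than a tunnel."""
    s = effective_settings(config_text, user)
    findings = []
    if s["passwordauthentication"].lower() != "no":
        findings.append("password authentication is enabled")
    if s["permittty"].lower() != "no":
        findings.append("interactive terminal (PTY) is allowed")
    if s["allowtcpforwarding"].lower() not in ("remote", "no"):
        findings.append("forwarding is not limited to remote (reverse) forwards")
    if not s["forcecommand"]:
        findings.append("no ForceCommand, the account can run arbitrary commands")
    return findings

# Constructed sample configurations (not taken from the thread).
WEAK = "PasswordAuthentication yes\n"
HARDENED = """PasswordAuthentication yes
Match User reverseuser
    PasswordAuthentication no
    PermitTTY no
    AllowTcpForwarding remote
    ForceCommand /bin/false
"""
if __name__ == "__main__":
    print(audit(WEAK, "reverseuser"), audit(HARDENED, "reverseuser"))
```

With the hardened block the account must authenticate with a key, and other users on the server keep the global settings.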