SSH user without any rights on a server
Frank
mailinglists at lavabit.com
Fri Jun 24 10:03:57 UTC 2011
Hi Nils
On Fri, 2011-06-24 at 08:09 +0200, Nils Kassube wrote:
> Which security risks are you concerned about? For the intermediate
> server or for your company?
For the intermediate server.
> If you use password authentication with a weak
> password, you just built a nice backdoor to your company network.
For that reason I gave "reverseuser" a fake shell, no home folder, he is
not member of any group, etc... (as described in my post).
> I'm
> not a security expert, but to me (with my limited knowledge) it seems to
> be _very_ insecure.
For that reason I asked the mailing-list, where most of the participants
are more expert than what I am.
I appreciate your answer, but I can not do much with "feelings". What I
need are advices, like "OK, clever idea, but remember that «reverseuser»
could still do this and this. So, to be sure, disable this and this.".
> friends should install sshd and let you login for remote mainainance.
Unfortunately, that's not an option.
They move between different locations so I never know their IP address.
They have no access to routers/firewall in order to forward port 22 (and
even If they have access to the router's settings, I doubt they know
what to do).
More information about the ubuntu-users
mailing list