[GRLUG] Linux Systems Compromised
David Pembrook
david at pembrook.net
Tue Aug 19 08:45:43 EDT 2008
Michael Mol wrote:
> On Mon, Aug 18, 2008 at 4:47 PM, Casey DuBois <casey at grlug.org> wrote:
>
>> Hey GRLUG,
>> I received the attached information and thought it may be useful to
>> some on the list.
>>
>>
>>
>
> Very interesting, but rootkits are nothing new. They've existed for
> well over ten years now. What's interesting about this is the breaking
> of the web of trust. One rooted system gave access to SSH keys that
> gave access to more systems, which garnered more SSH keys. It's worth
> noting that a properly-setup
>
> This makes me wonder about the wisdom of using ssh keys to bypass
> password restrictions. It's obviously safer to use ssh keys with
> passwords tied to them.
>
>
They probably had processes that required the systems to communicate and
run commands non-interactively thus requiring the use of ssh keys. I
think ssh keys are good for that but I never use them for interactive
processes where I should be typing a password.
There are ways to limit the functions available using the keys. This
article explains how to set it up and how to limit what commands can be
used: http://www.imrobotbuddy.com/mylinuxtips/?p=46. He's using this for
backups which should not require the use of ssh keys in my opinion but
the concepts in the article might be of interest anyhow.
The real thing to learn here is that one system being cracked in your
network can compromise your entire network. Even without the keys a
hacker can try and crack all the passwords on a given box, and then work
their way through your network.
Dave
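
The restriction discussed above (limiting what a key can do) is done with per-key options in `authorized_keys`. The following is an added example, not part of the message or of the linked article: a small auditor that parses an `authorized_keys` file and reports keys lacking a forced command, a source-host restriction, or the forwarding/pty lockdown options. The sample file, key blobs, paths and host address are constructed placeholders.

```python
import re

# A key-type token marks where the optional options field ends.
KEY_TYPE = re.compile(r'(ssh|ecdsa-sha2|sk)-\S+$')
# One option: a name, optionally ="value" where the value may hold \" escapes.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?')
LOCKDOWN = ('no-pty', 'no-port-forwarding', 'no-agent-forwarding', 'no-x11-forwarding')

def parse_entry(line):
    """Split one authorized_keys line into (options, key type, comment)."""
    opts, pos = {}, 0
    if not KEY_TYPE.match(line.split(None, 1)[0]):
        while True:  # options are comma-separated; quoted values may contain spaces
            m = OPTION.match(line, pos)
            if not m:
                raise ValueError('unparseable options field')
            opts[m.group(1).lower()] = True if m.group(2) is None else m.group(2)
            pos = m.end()
            if line[pos:pos + 1] != ',':
                break
            pos += 1
    fields = line[pos:].split(None, 2)
    return opts, fields[0], fields[2] if len(fields) > 2 else ''

def audit(text):
    """Return (line number, comment, issues) for each key that is not locked down."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        opts, _ktype, comment = parse_entry(line)
        issues = []
        if 'command' not in opts:
            issues.append('no forced command: key can run anything')
        if 'from' not in opts:
            issues.append('no from= restriction: usable from any host')
        # "restrict" enables all of LOCKDOWN at once (re-enabling options not checked)
        missing = [] if 'restrict' in opts else [o for o in LOCKDOWN if o not in opts]
        if missing:
            issues.append('still allowed: ' + ', '.join(o[3:] for o in missing))
        if issues:
            findings.append((n, comment, issues))
    return findings

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = '''\
ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER_1 admin@workstation
command="/usr/local/bin/run-backup",from="10.0.0.5",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER_2 backup@fileserver
restrict,command="rsync --server --sender . /srv/data, /srv/www" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5_PLACEHOLDER_3 mirror job
'''

if __name__ == '__main__':
    for n, comment, issues in audit(SAMPLE):
        print(f'line {n} ({comment}): ' + '; '.join(issues))
```
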