From: Sergey Vlasov
To: smoke-room@lists.altlinux.org
Date: Fri, 22 Mar 2013 20:39:12 +0400
Subject: Re: [room] Linux.sshdkit
Message-ID: <20130322203912.5b3b7350@center4.lan.mivlgu.ru>
In-Reply-To: <20130320134518.GK2057@osdn.org.ua>

On Wed, 20 Mar 2013 15:45:19 +0200
Michael Shigorin wrote:

> On Wed, Mar 20, 2013 at 02:14:47PM +0400, Калинин Максим wrote:
> > Came across this the other day:
> > http://www.securitylab.ru/news/438589.php
>
> This is mostly for CentOS; there was a Red Hat blunder there:
> http://www.opennet.ru/opennews/art.shtml?num=36198

That blunder actually has nothing to do with it: the pam_ssh_agent_auth
module was not used on any of the compromised systems.

Here is the forum thread where this rootkit was discussed:

http://www.webhostingtalk.com/showthread.php?t=1235797&page=84

On that very page, reports appeared that cPanel had acknowledged a breach
of its servers used by the technical support department, and the databases
there held a large number of passwords that cPanel customers had provided
so that support could access their servers; so planting rootkits on those
servers afterwards did not require looking for vulnerabilities there. In
addition, in some cases password-stealing malware was found on the Windows
computers used to administer servers on which the rootkit was later found.

By the way, an interesting way of granting root access to tech support
relatively safely also turned up there:

http://www.webhostingtalk.com/showpost.php?p=8570958&postcount=1277

| About handing out login credentials to "unknown" people. (Like support
| desks etc). What I do is:
|
| - I change the root pw.
| - I create 2 users, one without any privileges, one with sudo
|   privileges.
| - I log in as the user without privileges and start screen.
| - In the screen terminal I ssh to the local host logging in as the
|   user with the sudo privileges.
| - Once logged in I sudo to root level.
| - Then I disconnect from the screen session.
| - I give the details of the non privileged user to the people
|   requiring access, and tell them to log in and then connect with
|   "screen -x" to the privileged shell.
| - At the same time I will have a screen session open attached to the
|   same terminal. That way I can see exactly what they are doing in the
|   root shell... If you see something you don't like, you just kill the
|   screen process...
| - Once done I just remove the 2 new users, and everything should be
|   back to (relative) safety. I also change the root pw again, just in
|   case...
|
| I know, it is maybe not the best way, but it gives a lot more
| control/overview what is happening...
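
The procedure from the quoted forum post written out as a script, added here as an example; it is not code from the thread or from the post's author. The account names, the session name and `wheel` as the sudo group are assumptions, the default `DRY_RUN=1` only prints the commands, and the `leftovers` check (temporary accounts still present, or any UID 0 account other than root) goes one step beyond what the post describes.

```shell
#!/bin/sh
# Added example: supervised root shell via a shared screen session.
# Assumptions: account names, session name, and "wheel" as the sudo group.
VIEW_USER=${VIEW_USER:-sup_view}     # unprivileged login handed to support
ADMIN_USER=${ADMIN_USER:-sup_admin}  # sudo-capable login, never shared
SUDO_GROUP=${SUDO_GROUP:-wheel}
SESSION=${SESSION:-support}
DRY_RUN=${DRY_RUN:-1}                # 1 = print commands only

run() {  # echo the command; execute it only when DRY_RUN=0
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

setup() {
    run passwd root
    run useradd -m "$VIEW_USER"
    run useradd -m -G "$SUDO_GROUP" "$ADMIN_USER"
    run passwd "$VIEW_USER"
    run passwd "$ADMIN_USER"
    # The nested login needs passwords typed on a terminal, so it stays manual.
    cat <<EOF
By hand:
  1. ssh $VIEW_USER@localhost, then: screen -S $SESSION
  2. inside screen: ssh $ADMIN_USER@localhost, then: sudo -i
  3. detach (Ctrl-a d); hand out only the $VIEW_USER credentials
  4. support and you both attach with: screen -x $SESSION
EOF
}

teardown() {
    # -u matches the effective UID: this ends both logins and the screen
    # session, but does not match root-owned processes started from the shell.
    run pkill -KILL -u "$VIEW_USER,$ADMIN_USER"
    run userdel -r "$VIEW_USER"
    run userdel -r "$ADMIN_USER"
    run passwd root
}

leftovers() {  # $1: passwd-format file; lists temp accounts and extra UID 0
    awk -F: -v a="$VIEW_USER" -v b="$ADMIN_USER" \
        '$1 == a || $1 == b || ($3 == 0 && $1 != "root") { print $1 }' "$1"
}

case "${1:-}" in
    setup) setup ;;
    teardown) teardown ;;
    check) leftovers /etc/passwd ;;
esac
```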