Another alternative is to use a one-time password (OTP)
true, but if you then would use s - to get a root-shell the
root-password would still go cleartext over the net and
connection hijacking is a serious possibility (even so
man-in-the-middle attacks)
The moral of that story is that if you use OTP, it's only for
authentication, not for encryption. Thus, don't do anything
confidential over the line. That includes typing passwords,
reading confidential email, berating your boss, making
death-threats, etc.
Connection hijacking/MITM injection attacks are also a
possibility and a far more serious matter if on the wild
internet. One might want to create a remote-access user in a
chroot jail that you can use, only providing the utilities that
you'd need/want remotely and that don't access confidential
information. This does cut down on the usefulness of the whole
matter, but if you just want to remotely access a small selection
of files, OTP+chroot might be a good way to be safely access even
over a telnet connection.
-tim
_______________________________________________
Blinux-list mailing list
Blinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/blinux-list