Re: Using Debian SID on a Mac SE/30
On 4/14/21 8:23 PM, Finn Thain wrote:
> On Wed, 14 Apr 2021, Stan Johnson wrote:
> ...
>>
>> Does anyone know of a way to set the ftp login timeout? I could probably
>> modify the ftpd source, but I would prefer to modify a configuration
>> file setting if possible.
>>
>
> I don't know about ftpd but if you install vsftpd you can control those
> timeouts in vsftpd.conf.
Thanks, vsftpd may be an option.
>
>> ... I think my next effort will be to break PAM and
>> revert to old-style authentication, if possible.
>
> You can probably test that approach by building a portable FTP or Telnet
> daemon and disabling PAM support using ./configure.
>
> You may also want to try minimal implementations of telnetd and ftpd, such
> as the ones offered by busybox. If you build your own, you also get to
> modify any hard-coded timeout constants.
Thanks for those suggestions.
>
>> It's interesting that I can login almost immediately using telnet or ftp
>> using A/UX, but telnet in Debian takes about 100 seconds (and ftp still
>> times out).
>>
>
> Most of that is probably password hashing. Look in /etc/shadow and you'll
> probably find long password hashes. If you're not worried about weak
> hashes, you could switch to DES which is probably what A/UX uses. See 'man
> login.defs' and 'man 3 crypt'.
>
> BTW, if your password hashes are never leaked or your actual passwords are
> guessable anyway then I don't see much benefit from SHA512.
>
> FTR, I'm not advocating guessable passwords and weak hashes. But if you
> want to try it, I hear that 12345 is very popular:
>
> $ perl -e 'print crypt("12345","xx")."\n"'
> xxwddmriJc5TI
>
I've always supported security protocols that match the associated risk.
For systems that are not exposed to the public Internet and that require
clear-text protocols, anyway, such as telnet and ftp, for reasonable
access, there is nothing wrong with minimal password hashes (though I
agree "12345" is still a bad idea!).
-s
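
Added example, not part of the original message: the advice above to look in /etc/shadow for long hashes, written as a Python script that classifies each entry's crypt(3) scheme by its prefix and reports the SHA-crypt round count (5000 when no rounds= field is present). The account names and the `$6$` hash bodies in the sample are constructed; the DES hash is the one quoted in the thread.

```python
import re

# crypt(3) "$id$" prefixes and the scheme each selects (see 'man 5 crypt').
PREFIXES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
            "5": "sha256crypt", "6": "sha512crypt", "7": "scrypt", "y": "yescrypt"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")    # 2-char salt + 11-char hash
BSDI_RE = re.compile(r"^_[./0-9A-Za-z]{19}$")  # BSDi extended DES
SHA_DEFAULT_ROUNDS = 5000                      # SHA-crypt default without rounds=

def classify(field):
    """Return (scheme, rounds) for the password field of one shadow entry."""
    if field == "":
        return ("empty", None)
    if field[0] in "!*":                       # locked or no-login account
        return ("locked", None)
    if field.startswith("$"):
        parts = field.split("$")               # ['', id, params-or-salt, ...]
        scheme = PREFIXES.get(parts[1], "unknown")
        rounds = None
        if scheme in ("sha256crypt", "sha512crypt"):
            m = re.match(r"rounds=(\d+)$", parts[2]) if len(parts) > 2 else None
            rounds = int(m.group(1)) if m else SHA_DEFAULT_ROUNDS
        return (scheme, rounds)
    if DES_RE.match(field):
        return ("des", None)
    if BSDI_RE.match(field):
        return ("bsdi-des", None)
    return ("unknown", None)

def audit(shadow_text):
    """Map each user in shadow-format text to (scheme, rounds)."""
    result = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue                           # skip comments and malformed lines
        result[fields[0]] = classify(fields[1])
    return result

FAKE = "A" * 86  # constructed stand-in for an 86-character SHA-512 digest
SAMPLE = "\n".join([                           # constructed sample entries
    "demo:xxwddmriJc5TI:18731:0:99999:7:::",
    "alice:$6$saltsalt$" + FAKE + ":18731:0:99999:7:::",
    "bob:$6$rounds=100000$saltsalt$" + FAKE + ":18731:0:99999:7:::",
    "daemon:*:18731:0:99999:7:::",
])

if __name__ == "__main__":
    for user, (scheme, rounds) in audit(SAMPLE).items():
        print(user, scheme, rounds if rounds is not None else "-")
```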