[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Accounts on debian.org machines

On Tue, 9 Dec 2003 11:04, David B Harris <david@eelf.ddts.net> wrote:
> Or are you saying that you used root@adsl.coker.com.au for your
> computing needs, including storing your unencrypted GPG, unencrypted SSH
> key (or encrypted, in which case both of which use the passwords you've
> posted), your email client, your web browsing, your programming, your
> work, and what have you? :)

It wouldn't surprise me if someone did that.

ssh private keys have been installed on my play machine (never checked whether 
they were specially generated for my play machine or copied from somewhere 
else), people have used it to ssh and scp to root accounts on other servers 
(which presumably are not SE Linux play machines), people have logged in with 
X11 and xauth forwarding enabled.

One time someone claimed to have broken the security of my play machine by 
writing a shell script to "kill -1" the shells of other users.  However they 
had apparently enabled X11 forwarding...

Incidentally the adsl.coker.com.au host disappeared 9 months ago when I 
switched from Amsterdam ADSL to Melbourne Cable.  The details of my new play 
machine are linked from my .sig.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: