Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Is it secure to run a ssh client as root?

from [Ondrej.Rajmon] Network Security [Permanent Link]
Subject: RE: Is it secure to run a ssh client as root?
Date: Wed, 3 Jan 2007 10:28:54 +0100 
It seems to be a good idea. Thanks for hint.

-----Original Message-----
From: CentrinO [mailto:sadlo007@seznam.cz]
Sent: Tuesday, January 02, 2007 9:29 PM
To: Rajmon, Ondřej
Subject: Re: Is it secure to run a ssh client as root?


Ondrej.Rajmon@cuzk.cz wrote:

Hello, 
I have a question that's rather theoretical than technical. I need to forward 
a privileged local port (80). As described in the ssh's manuall page, I need 
to run my ssh client as root. Can you tell me your opinion about security of 
such solution? What's the probability that somebody tries to attack a system 
thru a ssh client and will be succesfull (I mean compared to attacks thru a 
sshd (server) if it makes some differents)? Is such solution advisable for 
communication thru the Internet? 
Ondrej 

  

what about let the client use port for example 8080 and NAT localy 
connection to port 80?
something like:
iptables -t nat -I PREROUTING -p tcp -m tcp -d <Your IP> --dport 80 -j 
DNAT --to-destination 8080

Works fine and it is able to start SSH as unpriviledged user

Have a nice day

-- 
David "CentrinO" Kunes
Mail: centrino@perl.cz
ICQ : 87038956

Není většího lichotníka, než jakým je člověk sám sobě, a není lepšího léku 
proti tomuto lichocení, než upřímnost přítele.
                -- Francis Bacon
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Non root sshd logging to file issues, Lucuk, Pete
Next by Date:  Non root scp problem, An.H.Nguyen
Previous by Thread:  Is it secure to run a ssh client as root?, Ondrej.Rajmon
Next by Thread:  Non root sshd logging to file issues, Lucuk, Pete
Indexes:  [Date] [Thread] [Top] [All Lists]