Re: Shell Access

Christer Olsson (cox@clavicula.mednet.gu.se)
Wed, 9 Jul 1997 12:36:42 +0200 (CET)

On Tue, 8 Jul 1997, Stephen Zedalis wrote:

NEVER use the radius-server for shell-accounts! That's dangerous!

I guess the user wants shell access for running IRC-bots or something.
That may give very high traffic because of all the attacks against IRC-bots.

Even MUDs may give heavy traffic.

If you'll give him shell-access, just do that on some different
Linux-machine, i.e. an old 486 with Linux or so. If possible, on an
ethernet-switch so the Linux machine cannot scan the network for passwords
or so.

> If he is using Linux... Minicom is a terminal program (a knockoff of
> the DOS Telix program). Are you sure that is the kind of "router" he
> has? He already has a "shell", his own computer! Just have him configure
> his box for PPP and then he has the exact equivalent of a "shell account"
> on your network. ('cept it is going to be slower than your ethernet
> boxes) If you wanted to do this, you just make his Login-Service =
> Telnet or Rlogin and his Login-Host = your shell box IP number.
>
> I would be careful with this guy. Sounds like he is trying to take
> advantage of the situation and capitalize on your lack of knowledge.
> He has the equivalent of shell already. Why does he feel he needs to
> do it on your box? Does he want to compile using your CPU cycles?
> Does he want to run a 24/7 MUD (multi-user dungeon game)? Or is he
> looking for an opportunity to hack your system? Most systems don't
> run shell because of the security risk, and those that do (if they are
> smart) only offer a nutted shell that is running on its own box. That
> way if he crashes it, it ain't a vital server that just went down.
> It is apparent that he is already very familiar with UNIX so it isn't
> "for training" either. From a shell box he can sniff your network
> (if you aren't running switched ethernet). If all these warnings do
> not deter you, go ahead and set up the radius account as above.
>
> On Tue, 8 Jul 1997, Luther D. Keal wrote:
>
> >I've got a subscriber that wants shell access. He's using a Linux box
> >with Minicom router as the dial-up media.
> >
> >He just wants shell access.
> >
> >I'm using PM-3 and a Linux box for authentication.
> >
> >How do I set up the PM-3 and/or the Radius to shut off PPP for his session
> >so he comes straight in thru the PM-3 and into the Unix shell account.
> >
> >Sounds simple, but I'm clueless.
> >
> >Dave Keal
> >SIERRA INTERNET
> >
>