Re: Shell Access

Stephen Zedalis (tintype@exis.net)
Wed, 9 Jul 1997 09:25:35 -0400 (EDT)

Hey, if you look at the message, I did NOT advise using shell accounts.
In fact, I counselled against it. Please ascribe the request for help
on setting up shell accounts to the person who posted it.

On Wed, 9 Jul 1997, Christer Olsson wrote:

>
>
>On Tue, 8 Jul 1997, Stephen Zedalis wrote:
>
>NEVER use the radius-server for shell-accounts! That's dangerous!
>
>I guess the user wants shell access for running IRC-bots or something.
>That may give very high traffic because of all attacks against IRC-bots.
>
>Even MUDs may give heavy traffic.
>
>If you'll give him shell-access, just do that on some different
>Linux-machine, i.e. an old 486 with Linux or so. If possible, on an
>ethernet-switch so the Linux machine cannot scan the network for passwords
>or so.
>
>> If he is using Linux... Minicom is a terminal program (a knockoff of
>> the DOS Telix program). Are you sure that is the kind of "router" he
>> has? He already has a "shell", his own computer! Just have him configure
>> his box for PPP and then he has the exact equivalent of a "shell account"
>> on your network. ('cept it is going to be slower than your ethernet
>> boxes) If you wanted to do this, you just make his Login-Service =
>> Telnet or Rlogin and his Login-Host = your shell box IP number.
>>
>> I would be careful with this guy. Sounds like he is trying to take
>> advantage of the situation and capitalize on your lack of knowledge.
>> He has the equivalent of shell already. Why does he feel he needs to
>> do it on your box? Does he want to compile using your CPU cycles?
>> Does he want to run a 24/7 MUD (multi-user dungeon game)? Or is he
>> looking for an opportunity to hack your system? Most systems don't
>> run shell because of the security risk, and those that do (if they are
>> smart) only offer a nutted shell that is running on its own box. That
>> way if he crashes it, it ain't a vital server that just went down.
>> It is apparent that he is already very familiar with UNIX so it isn't
>> "for training" either. From a shell box he can sniff your network
>> (if you aren't running switched ethernet). If all these warnings do
>> not deter you, go ahead and set up the radius account as above.
>>
>> On Tue, 8 Jul 1997, Luther D. Keal wrote:
>>
>> >I've got a subscriber that wants shell access. He's using a Linux box
>> >with Minicom router as the dial-up media.
>> >
>> >He just wants shell access.
>> >
>> >I'm using PM-3 and a Linux box for authentication.
>> >
>> >How do I set up the PM-3 and/or the Radius to shut off PPP for his session
>> >so he comes straight in thru the PM-3 and into the Unix shell account.
>> >
>> >Sounds simple, but I'm clueless.
>> >
>> >Dave Keal
>> >SIERRA INTERNET
>> >
>>
>