 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 13 Sep 2011 09:07:26 +0100, Invisible wrote:
> On 12/09/2011 10:20 PM, Jim Henderson wrote:
>> On Mon, 12 Sep 2011 21:17:02 +0100, Orchid XP v8 wrote:
>>
>>> I'm not aware of any Unix system which *defaults* to letting remote
>>> users access the entire filesystem if they know the root password.
>>> Probably because it's a stunningly bad idea, unless the local network
>>> is trusted. But anyway...
>>
>> Every unix system can do this with something like sshfs installed - on
>> the client side only - and sshd running on the server.
>
> Yes, if you /install stuff/ you can do it.
sshd is installed by default with Linux. I have to put something on the
client side only, not on the server.
> My point is that Windows lets you do this by default. Nothing to
> install, nothing to configure. It's the *default* configuration state,
> unless you purposely changed it.
That's because back in the early days of Windows, Bill Gates infamously
said that the OS shouldn't come between the user and what the user wants
to do. The default model back in the early days was no security at all.
And since then, there has been a desire to maintain backwards
compatibility while adding a security layer on top of it.
*nix, OTOH, was designed from the start with security in mind.
(Yes, NT arguably was as well - but the backwards compatibility thing
still was an issue with NT)
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 13 Sep 2011 15:00:57 +0100, Invisible wrote:
>>> It's the *default* configuration state, unless you purposely changed
>>> it.
>>
>> SO, if I was to provide you with a Linux distro that had ftpd and sshd
>> installed by default, and allowed remote root logins, would you concede
>> the point?
>
> It's news to me that any distro actually does this. But sure, then I
> could concede that Windows and Linux both make it equally trivial.
openSUSE includes ftpd and sshd by default, though I don't recall now if
the firewall is open by default or if the services are enabled by default.
openssh's manpage says that "PermitRootLogin" defaults to yes, which
means root can login by default.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 13 Sep 2011 09:06:42 +0100, Invisible wrote:
> Yes indeedy. (I also know that they got the usual meanings of "server"
> and "client" backwards too.)
Um, no, not that I'm aware of. What do you mean?
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 13 Sep 2011 11:42:31 +0100, Invisible wrote:
> Like I said, I haven't personally tried to run X remotely. (I wouldn't
> know how.) I'm told it requires spending hours editing the X
> configuration files to set up authentication and so forth, and then to
> make sure the server is started, and then to tell the application you
> want to run to open on the remote machine rather than the local one (by
> using CLI options that vary for every individual program so you have to
> look them up), and then...
Nonsense.
ssh -X hostname
<Launch X application>
Application launches and X interface is on my machine while the code runs
on the remote machine.
No configuration necessary at all.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 13 Sep 2011 15:23:09 +0100, Invisible wrote:
>>> So you're seriously telling me that with a default Linux install, not
>>> only is an ssh server installed, but it's actually configured to allow
>>> incoming connections and service them? And that X will actually work
>>> in this configuration?
>>
>> I don't remember if sshd is enabled by default on OpenSuse, but it's
>> as easy to enable as doing a couple of mouse clicks (and typing the
>> root password, so that yast can perform the system modifications). IIRC
>> it even offers you to automatically open the ssh port on the firewall.
>
> Damn. Setting up SSH has got a whole lot easier than when I tried to do
> it with Debian a few years ago.
>
> I'm presuming it defaults to password authentication though? As I
> recall, half the trouble was figuring out how to permanently and
> irrevocably disable password authentication and *only* allow public key
> authentication. (For one thing, you have to work out how to create a
> keypair...)
Yes, it defaults to password authentication.
To disable password authentication, modify /etc/ssh/sshd_config to
include:
PasswordAuthentication no
Done.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 13 Sep 2011 10:11:02 -0400, Francois Labreque wrote:
> Nope, that's Citrix (it may have changed names since MS acquired them
Citrix was not acquired by Microsoft - they're still very much a separate
company. (I know, as I've applied for a couple jobs with them, and know
people who work there)
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 13 Sep 2011 09:27:08 +0100, Invisible wrote:
> I think it's more the general problem of Internet security. If you
> expose a service to the Internet, random people will try to hack it.
> Security is a Hard Problem.
Security is a relatively easy problem. You only allow services that need
to be allowed, and if it's a common service that might be attacked, you
harden against it - using chroot jails, different ports, or tools that
look for failed attempts and block an IP address if too many attempts are
failed.
At least, it's pretty easy on a *nix platform. ;)
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/13/2011 3:40, Warp wrote:
> Invisible<voi### [at] dev null> wrote:
>> I said that Windows allows it *by default*
>
> So how exactly would I transfer a file to you from my Windows?
RDP to his machine, then use copy/paste on the files.
Or mount \\94.23.84.122\someshare and store the file there.
Both of which are turned on by default.
In either case, you're going to need an account on the destination computer.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/13/2011 1:06, Invisible wrote:
> Yes indeedy. (I also know that they got the usual meanings of "server" and
> "client" backwards too.)
No they didn't. It's just that most people confuse "client" with "what I see."
> Now I haven't tried it, but I'm told is approximately /impossible/ to
> actually configure X so that you can access it remotely.
It's pretty easy if you want to start it after you already logged in via
text console.
> (OTOH, doesn't X allow more than one user to log in at once?
Not really. Remember, client and server are "reversed". You still need one
computer per user, and indeed, I don't know of any modern distro that lets
you lock the screen as one X user and then log in as a different user
without logging out the first one. (Someone tell me if there's a way to do
this with Ubuntu! :-)
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/13/2011 3:25, Warp wrote:
> What kind of configuration did I do to be able to log in into my friend's
> computer and run an app remotely? Or to transfer files for that matter (which
> was the original point)?
You needed an account there, which is all you actually need for Windows too. :-)
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
