Prev: Magic Mouse review
Next: where are my console message????!!!! ##@@$$#$%#!
From: Jack Shown on 4 Nov 2009 02:35
If root is not enabled (other than by sudo), is it possible to scp a
file to a root-owned folder? If so, could you please provide an
example? Thanks a bunch.
From: Geoffrey S. Mendelson on 4 Nov 2009 08:59
Michael Vilain wrote:

> scp is usually used for remote copying. Since remote access via root is
> a Bad Idea(tm) unless you implicitly trust the local and remote systems.
> Setup a .hosts file on the remote system to allow root access via the
> local system, same as rcp.

Since one can spoof a host name, I would not recommend it. (unless you are
really creative with host names)

I've not done it with MacOS, but on all my othe *NIX systems, I always set
up ssh to accept only a key as valid athentication, as script kiddies have
figured out how to open an ssh session and try various user names and passwords.

While RSA-1 keys are easy to crack if you have the right program, it is unlikely
that someone trying to "hack in" over an internet connection will get it,
and RSA-2 or DSA keys are difficult enough to not worry.

Note there was a debian fork of ssh that reduced all keys to 128 bits,
so make sure you have an up to date version of SSH if you are using a
debian based system. All versions of MacOS's ssh are safe.

If you are accepting connections from outside of your own private, firewalled
network for SSH, use a different port, something relatively high to prevent
someone trying a few to get in.

If you do not want someone who walks up to your Mac to have the capability
of using these keys, you can passphrase protect them. This is different
than passwords, as the authentication is still done by key, however the
key is encrypted on your Mac using the passphrase.

Geoff.

--
Geoffrey S. Mendelson, Jerusalem, Israel gsm(a)mendelson.com N3OWJ/4X1GM
From: Jolly Roger on 4 Nov 2009 10:34
In article <slrnhf31sb.o6d.gsm(a)cable.mendelson.com>,
"Geoffrey S. Mendelson" <gsm(a)mendelson.com> wrote:

> Michael Vilain wrote:
>
> > scp is usually used for remote copying. Since remote access via root is
> > a Bad Idea(tm) unless you implicitly trust the local and remote systems.
> > Setup a .hosts file on the remote system to allow root access via the
> > local system, same as rcp.
>
> Since one can spoof a host name, I would not recommend it. (unless you are
> really creative with host names)
>
> I've not done it with MacOS, but on all my othe *NIX systems, I always set
> up ssh to accept only a key as valid athentication, as script kiddies have
> figured out how to open an ssh session and try various user names and
> passwords.
>
> While RSA-1 keys are easy to crack if you have the right program, it is
> unlikely
> that someone trying to "hack in" over an internet connection will get it,
> and RSA-2 or DSA keys are difficult enough to not worry.
>
> Note there was a debian fork of ssh that reduced all keys to 128 bits,
> so make sure you have an up to date version of SSH if you are using a
> debian based system. All versions of MacOS's ssh are safe.
>
> If you are accepting connections from outside of your own private, firewalled
> network for SSH, use a different port, something relatively high to prevent
> someone trying a few to get in.
>
> If you do not want someone who walks up to your Mac to have the capability
> of using these keys, you can passphrase protect them. This is different
> than passwords, as the authentication is still done by key, however the
> key is encrypted on your Mac using the passphrase.

This is easily done on Mac OS X as well. It's how I set up my home
systems and Macs I administer for friends and family.

--
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR
From: johnny bobby bee on 4 Nov 2009 13:05
Jack Shown wrote:
> If root is not enabled (other than by sudo), is it possible to scp a
> file to a root-owned folder? If so, could you please provide an
> example? Thanks a bunch.

Be specific as to what you're trying to achieve.

Or, just copy it as a normal user to your home directory then use sudo
to put it where you want.
From: Doug Anderson on 4 Nov 2009 13:10
Jack Shown <jackshown(a)gmail.com> writes:

> If root is not enabled (other than by sudo), is it possible to scp a
> file to a root-owned folder? If so, could you please provide an
> example? Thanks a bunch.

I suppose you could change the privileges on the folder to allow a
non-root user to write files there, though depending on the folder I
suppose there could be some unintended consequences of that.


 |  Next  |  Last
Pages: 1 2
Prev: Magic Mouse review
Next: where are my console message????!!!! ##@@$$#$%#!