[rescue] SGI fw_sshd and security

Sheldon T. Hall shel at cmhcsys.com
Fri Mar 5 11:16:05 CST 2004

Dave McGuire said ...
> On Mar 5, 2004, at 11:42 AM, Bill Bradford wrote:
> >
> > I think your problem is that you're running software from SunFreeware
> > on an IRIX box. 8-)
>    Holy cow, I didn't even notice that.  I think I need to go back to
> sleep.

Well, yeah.  And I know IRIX is not particularly secure.

However, there is a firewall in front of it, and only the one port being
passed through, and I've secured ssh as well as I can.

So, assuming the firewall is OK, only the sshd port is esposed, right?

And assuming sshd is OK, only someone who can guess one of the allowed
usernames can even try to guess that user's password, right?

I'm assuming that the SGI Freeware sshd _is_ vulnerable to buffer overflow
exploits or something, if an attacker can tell that it's IRIX (well, I guess
they can now that I've posted this) and which sshd (ditto) ....

Maybe I will follow through on my plan and implement a system that lets me
turn sshd on and off remotely....


More information about the rescue mailing list