Re: Ultimately Safe User Account

From: Bart Silverstrim (bsilver_at_chrononomicon.com)
Date: 09/24/04

    Date: Fri, 24 Sep 2004 08:05:25 -0400
    To: freebsd-questions@freebsd.org
    
    

    On Sep 23, 2004, at 8:56 PM, Andrew wrote:

    > Dan Rue wrote:
    >>
    >> How's he supposed to learn anything if all you give him is a jail with
    >> ls cp mv sh and vi? sheesh. That'll turn him off unix pretty quick.
    >
    >
    > Thanks for your feedback. I guess I'll just let him in and try not to
    > worry. Well, the trouble is that I am the one administering the box and
    > that it was this summer when I started reading heaps of unix/bsd
    > documentation - for the first time in my life. I'm still paranoid about
    > my own actions, not to mention smb's else. I'll give him cygwin/livecd
    > as well, though.
    >

    If you're somewhat new (even if you're not...) I'd even more strongly
    suggest investing in VMware or some other VM software using disk images
    to work from...it's the ultimate free rein learning environment and
    virtual jail.

    Even seasoned admins can get lazy or get hit by some new trick in the
    book that they didn't previously know about. No one I worked with was
    really familiar with SSH beyond the command line access...and they were
    impressed with X forwarding. Then I learned about port redirection
    using SSH, so any ssh-accessible machine on the Internet could
    potentially be used to see any other machines within the same subnet as
    the ssh server, allowing me access to some machines not visible with
    simple scans of a NATed network. Took a few times explaining how it
    worked, and it's come in handy for remote administration at times and
    the people I explained the technique to were impressed at the potential
    for this to be helpful as a tool (and as a potential security
    breach...) The point is that there are more things in system
    administration and users' minds than dreamt of in any single admin's
    philosophy, Horatio :-)

    -Bart

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
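
The SSH port redirection described in the message above depends on what the server's sshd_config permits for the account. As an added example (not part of the original post), this audit sketch reports the effective AllowTcpForwarding value for a user; it assumes a simplified config with only literal `Match User` / `Match all` blocks, and the account names and function names are hypothetical.

```python
# Added example, not from the original post. Simplified sshd_config model:
# global section plus "Match User a,b" / "Match all" blocks, literal names only.
FORWARD_DEFAULT = "yes"  # OpenSSH default for AllowTcpForwarding

# Constructed sample; "student", "guest" and "backup" are hypothetical accounts.
SAMPLE_CONFIG = """\
PermitRootLogin no
AllowTcpForwarding yes

Match User student,guest
    AllowTcpForwarding no
    X11Forwarding no

Match User backup
    AllowTcpForwarding remote
"""


def effective_forwarding(config_text, user):
    """Return the AllowTcpForwarding value sshd would apply to `user`."""
    global_value = match_value = None
    in_match = applies = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()
        arg = fields[1].strip() if len(fields) > 1 else ""
        if keyword == "match":
            in_match = True
            crit = arg.split()
            kind = crit[0].lower() if crit else ""
            applies = kind == "all" or (
                kind == "user" and len(crit) == 2 and user in crit[1].split(","))
        elif keyword == "allowtcpforwarding":
            # sshd uses the first value obtained; Match blocks override global.
            if not in_match and global_value is None:
                global_value = arg.lower()
            elif in_match and applies and match_value is None:
                match_value = arg.lower()
    return match_value or global_value or FORWARD_DEFAULT


def reaches_internal_hosts(config_text, user):
    """True if the user may open client-to-server-side (local) forwards."""
    return effective_forwarding(config_text, user) in ("yes", "all", "local")
```

The sshd_config manual itself notes that disabling forwarding does not stop a user with shell access from installing their own forwarder, so this setting is one layer alongside network filtering around the host.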

