Ssh & Winscp
Apr 10, 2008I add a user: user1
and login with winscp
the defaut dir is /home/user1
but i found i can download anything in the box not only in /home/user1.
This is a big security issue.
What can i do?
ADVERTISEMENT
For Expert In Security Vps And Ssh WinSCP
Sep 10, 2007I have an vps, on linux , apache, centos, with panel directadmin
I for enter in ssh with WinSCP3 first used: root, ip xx.xxx.xxx.xx, and password yyyyyy.
I write at host that I have this problem:
---------------------------------------------------
in hhtpd/access_log I found this:
"GET /w00tw00t.at.ISC.SANS.DFind HTTP/1.1"
by internet I found this discussion
[url]
seem that is an hacker attack;
you know the problem?
----------------------------------------------------
The host answer so:
.............................................................................. .........................
I have secured your server. I have installed RKhunter, ChkrootKit, secured your /tmp /var/tmp, and /dev/shm partitions, optimized your MySQL, install ImageMagick and disabled direct root login to your SSH.
Now you can login to your ssh using the user admin and then 'su -' to root
Login to admin :
password : zzzzzzzzzz
#su -
root password : yyyyyyy
.............................................................................. .......................
PROBLEM:
with WinSCP I can only make first access to admin@ip and cannot make the second; the host suggest only use putty (I not like it).
But is correct all the solutions of the host?
I must to have this two steps for use the root ?
this two steps not fqacilitate me but the vps is more secure?
how can resolve with WinSCP?