ddk@lanl.gov (David D Kaas) (03/09/90)
At our site we have a CRAY and several dozen UNIX workstations. We are looking at ways of doing un-atteneded file transfers during off hours. We have started using ftp with .netrc files. We do have outside access to our network. Now the question, is this considered a security problem? If so how are un-attended file transfers done? Thank You Dave Kaas Boeing Computer Services Richland D. O. E. Richland, WA 99352 (509) 376-6386 e41126%rlvax3.lanl.gov -- Dave Kaas - D.O.E. Richland, Wa. e41126%rlvax3.xnet@lanl.gov
shawn@eddie.mit.edu (Shawn F. Mckay) (03/10/90)
From article <45473@lanl.gov>, by ddk@lanl.gov (David D Kaas): > > > At our site we have a CRAY and several dozen UNIX workstations. > We are looking at ways of doing un-atteneded file transfers during off > hours. We have started using ftp with .netrc files. We do have outside > access to our network. Now the question, is this considered a security > problem? If so how are un-attended file transfers done? > > Thank You > Dave Kaas > Boeing Computer Services Richland > D. O. E. > Richland, WA 99352 > (509) 376-6386 > e41126%rlvax3.lanl.gov > -- > Dave Kaas - D.O.E. Richland, Wa. > e41126%rlvax3.xnet@lanl.gov Well, ANY time you have a clear copy of a password in a file on your system its a security hole. Most people use rcp and its remote host capability (i.e. .rhosts files and such). If can't use rcp, it would not be very hard to write a server/client for your machines to do a simple file copy. Probably much easier than picking up the peices after someone snarfs your .netrc file and has passwords to everything in the world. Hope this helps, Good Luck, -- Shawn
dce@smsc.sony.com (David Elliott) (03/11/90)
In article <1990Mar10.143413.16539@eddie.mit.edu> shawn@eddie.mit.edu (Shawn F. Mckay) writes: >Probably much easier than picking up the peices after someone snarfs >your .netrc file and has passwords to everything in the world. How much easier is it to get someone's .netrc file than to get someone's L.sys file, which also has passwords in it? In both cases the file is protected, though with the .netrc file, many (all?) versions of ftp will not even try to use the file if it is readable or writable by group/other. -- David Elliott dce@smsc.sony.com | ...!{uunet,mips}!sonyusa!dce (408)944-4073 "...it becomes natural, like a third sense." -- Homer Simpson
grr@cbmvax.commodore.com (George Robbins) (03/11/90)
In article <1990Mar10.181943.23169@smsc.sony.com> dce@Sony.COM (David Elliott) writes: > In article <1990Mar10.143413.16539@eddie.mit.edu> shawn@eddie.mit.edu (Shawn F. Mckay) writes: > > How much easier is it to get someone's .netrc file than to get > someone's L.sys file, which also has passwords in it? In both cases > the file is protected, though with the .netrc file, many (all?) > versions of ftp will not even try to use the file if it is readable or > writable by group/other. A random sampling of .netrc files will be readable and have the passwords of "user accounts". Even if a L.sys file is readable, it contains only the "uucp" passwords which almost always grant only the limited access that the remote system has via uucp, usually a public directory and not much else. -- George Robbins - now working for, uucp: {uunet|pyramid|rutgers}!cbmvax!grr but no way officially representing: domain: grr@cbmvax.commodore.com Commodore, Engineering Department phone: 215-431-9349 (only by moonlite)