LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 02-07-2017, 09:27 AM   #31
atelszewski
Member
 
Registered: Aug 2007
Distribution: Slackware
Posts: 907

Original Poster
Rep: Reputation: Disabled

Hi,

The original question was about involving a serial console.
But I cannot start agetty on a serial port without becoming root.
And becoming root would require me to provide the password.
And the password could be seen by the potential MITM attacker.

Still, I'm happy with the solution we worked out in the end ;-)

--
Best regards,
Andrzej Telszewski
 
Old 02-08-2017, 08:40 AM   #32
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187
Getty processes would be attached to the port during normal system startup, if the system configuration (could be init or systemd so I won't get more specific) tells it to do that.

You would not start them: they would already be there.

(And in similar fashion you can also attach sshd to be the one that's listening to that device, so that you can ssh into it as soon as the system is running.)

Last edited by sundialsvcs; 02-08-2017 at 08:41 AM.
 
Old 02-08-2017, 09:09 AM   #33
atelszewski
Member
 
Registered: Aug 2007
Distribution: Slackware
Posts: 907

Original Poster
Rep: Reputation: Disabled
Hi,

Unfortunately (well, that depends ;-)), the serial console is not configured.

I can start getty manually on the chosen serial port; it's not only init that can do that.
But to start it, I would have to become root.

To clarify, my initial thought was that:
1) I connect over ssh.
2) I start getty on the serial port.
3) If I can log in on the serial port, then I know the system is the real one.

Then I realized I would have to provide the root password to start getty, which, as we discussed, could be intercepted.

--
Best regards,
Andrzej Telszewski
 
All times are GMT -5.