Understanding Display Problems and Poor Authentication on Unix/Linux Terminals

Asked 2 years ago, Updated 2 years ago, 136 views

Please tell me about the previous Terminal Emulator (SSH) interaction.

Terminal is not the best because of terminal defects. While there are few things that can be done through SSH, terminal display problems and weak authentication are fatal, and terminal usage is more restricted in some environments.

I received a comment saying that, but there are two things that I don't understand.

For Terminal Display Issues, see

It's about working with the server, so it's supposed to be compared to CUI operations on the local console.

I don't understand the reason for asserting that

In my opinion, there are many types of terminals, some primitive dumb terminals, and some intelligent terminals (or workstations that are the hosts themselves) that can fully use the X11. Currently, PC + terminal emulators are overwhelmingly cheaper than X11 terminals, so that's the mainstream, and the terminals for Linux servers are only sold with low functionality, so we can't help but understand that there is a display problem with the terminals. However, GUI terminal emulators like today appeared in the early 1990s, and those that have existed since then have difficulty displaying fixed-size text screens.

Could you introduce me to references (articles, books, papers, etc.) that clearly explain the reason for this?

Also, the second point was that the weak authentication of the terminal was fatal after all, so we cannot determine why the weak authentication of the terminal is fatal.

I am not familiar with how weak terminal certification can be fatal because I am not a professional, but I would like you to give me some specific examples on this point. I can't think of any other vulnerabilities in social engineering, such as not being able to secure credentials with public key ciphers, not being able to support Kerberos authentication, biometrics, or multi-factor authentication, but is logging directly from the terminal a security vulnerability?

linux unix teraterm

2022-09-30 20:16

2 Answers

About the first point

Terminal; Organizing terms around terminal

There are three types. Since the original question consistently describes it as terminal emulator, it is reasonable to think that you are talking about terminal emulators. On the other hand,

In my opinion, there are many types of terminals, some primitive dumb terminals, and some intelligent terminals (or workstations that are the hosts themselves) that can fully use the X11.

However, the original question did not mention Terminal. You're talking from the terminal. Are you confused between the terminal emulator and the 3.X terminal?


2022-09-30 20:16

The comment section is not a place to answer your questions, so I didn't answer them.

It's about working with the server, so it's supposed to be compared to CUI operations on the local console.

I don't understand the reason for asserting that

The original question is in the context of "Compare local console to SSH when operating Linux on VMware." Even in a slightly wider environment where Linux servers are typically running,

  • Local Console
  • SSH

Only one of them is used. X is often not installed, much less an X terminal or a remote terminal (not a terminal emulator). I don't want to be asked to publish the literature.

(Note: Virtualization servers may use a serial console. However, this is not much different from the local console in terms of display difficulties.)

Also, the second point was that the weak authentication of the terminal was fatal after all, so we cannot determine why the weak authentication of the terminal is fatal.

In principle, the local console should authenticate with an ID/password. If you have a large number of servers, you get them and use them around. You can also expand with the PAM, but there is a risk that you will not be able to log in in case of trouble.

Also, the problem is that there is no information about "where is the connection". Afterwards, when you check if the person who logged in at this time certainly has this ID, you have to rely on another device such as a camera to match with the ID/password authentication alone. Some organizations check "Warning users if they connect from an unusual IP address."

Rather than trying to overcome these problems and use a local console, it is a reasonable decision to choose SSH as a general rule.

--

One of the reasons why local consoles often offer only simple authentication is that they can be placed in a building security compartment and have a mechanism that prevents physical contact.

The cause and effect of this are reversed. Local console authentication is poor, so physical access restrictions are needed as a countermeasure. Poor authentication on the local console is due to the constraint that there is no authentication available to replace the identity and password.

I know where SSH actually uses ID/password.

It's a problem in the environment that you can use more secure authentication such as public key authentication, but you don't do it and operate it weakly. This is different from the fact that strong authentication is difficult due to technical constraints on the local console.

Audit by IP Address is also a loophole

Almost all information can be forged, but it depends on the nature, situation, and use of each information and how reliable it is. As you said, the possibility of IP addresses being camouflaged is not zero, so it cannot be an absolute authentication element, but it can be used as a key to be linked to other information, and its reliability can be verified to some extent. For example, there are no inconsistencies in the authentication or operation log of the terminal (PC) associated with the IP address. As mentioned above, "Connecting from an unusual IP address" can be a source of suspicion. It may be disguised, so I can't think that an unusual IP address is not suspicious. It is also important that they can be determined mechanically.

I added an explanation just in case, but there are differences in the basics, so I think it is not enough for you to understand beyond that. It's obvious from a practical point of view, but unfortunately I don't know any books that are explained systematically.


2022-09-30 20:16
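
The answer above notes that SSH records where a connection came from, that an unusual source IP address can be flagged mechanically, and that running SSH with ID/password is an operational weakness. The following is an added example, not part of the original answer, that applies both checks to OpenSSH "Accepted" log lines. The per-user baseline `USUAL_NETWORKS`, the function `review_logins` and the log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# OpenSSH sshd "Accepted <method> for <user> from <ip> port <n>" log line.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Assumed per-user baseline of usual source networks (constructed values).
USUAL_NETWORKS = {
    "alice": ["192.0.2.0/24"],
    "bob": ["192.0.2.0/24", "198.51.100.16/28"],
}

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
Sep 30 20:16:01 srv1 sshd[1201]: Accepted publickey for alice from 192.0.2.15 port 50112 ssh2: ED25519 SHA256:EXAMPLE
Sep 30 20:17:44 srv1 sshd[1207]: Accepted password for bob from 198.51.100.20 port 50310 ssh2
Sep 30 20:19:02 srv1 sshd[1215]: Accepted publickey for alice from 203.0.113.9 port 41822 ssh2: ED25519 SHA256:EXAMPLE
Sep 30 20:21:30 srv1 sshd[1222]: Accepted password for carol from 203.0.113.77 port 39001 ssh2
Sep 30 20:22:10 srv1 sshd[1230]: Failed password for bob from 203.0.113.9 port 39044 ssh2
"""


def review_logins(log_text, baseline=USUAL_NETWORKS):
    """Return (user, ip, reasons) for each accepted login worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed attempts and unrelated lines are out of scope here
        user, method = m["user"], m["method"]
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            findings.append((user, m["ip"], ["unparseable_source"]))
            continue
        nets = [ipaddress.ip_network(n) for n in baseline.get(user, [])]
        reasons = []
        if not any(ip in n for n in nets):
            # Unusual is a lead to correlate with other logs, not proof.
            reasons.append("unusual_source")
        if method == "password":
            reasons.append("password_auth")
        if reasons:
            findings.append((user, str(ip), reasons))
    return findings


if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOG):
        print(finding)
```

A local console login leaves no source address to evaluate, which is the gap the answer describes; the same review only works because sshd logs the peer address and the authentication method.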
