-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hans-Werner Hilse wrote:
> I just prefer manual "opening" of access means above manual "securing"
> them. It's just about what happens if you fail -- when the task was
> securing, you might have a security leak, but if it was opening
> access, it is still secured. It's relatively moot, since opening access
> is also often error prone in the sense of "opening too much". I think
> it's personal taste :-)

All can go wrong, always. First security motto. That's why a completely parallel, special-time-only
mechanism appeals to me (and, of course, taste here is important, too!)

> Yeah, but in that case you'd know it at that point, and it caused no
> other harm than preventing you from setting up that fallback sshd. You
> can then still fix it (or set up OpenVPN/telnet ;-)) using the old sshd
> that's still listening. Just remember not to do a "killall sshd".

Yes, of course, I fully agree. I just think that providing a couple more ideas (alternatives, if you
wish, for different personal tastes! :) is good.

- --
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Services Offered: http://www.buanzo.com.ar/pro/
Join the GNU/Buanzo Forums - The word Community in its fullest expression.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG7rLEAlpOsGhXcE0RCk0vAJ0X09AifEvbQLpDX6fa9Rudo12AKwCeIhXe
2M3f/HNi7F1DVvjtGeOURTE=
=f2cd
-----END PGP SIGNATURE-----
--
gentoo-user@g.o mailing list