| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
Hans-Werner Hilse wrote: |
| 5 |
> I just prefer manual "opening" of access means above manual "securing" |
| 6 |
> them. It's just about what happens if you fail -- when the task was |
| 7 |
> securing, you might have a security leak, but if it was openiung |
| 8 |
> access, it is still secured. It's relatively moot, since opening access |
| 9 |
> is also often error prone in the sense of "opening to much". I think |
| 10 |
> it's personal taste :-) |
| 11 |
|
| 12 |
All can go wrong, always. First security motto. That's why a completely parallel, special-time-only |
| 13 |
mechanism appeals me (and, of course, taste here is important, too!) |
| 14 |
|
| 15 |
> Yeah, but in that case you'd know it at that point, and it caused no |
| 16 |
> other harm than preventing you to setting up that fallback sshd. You |
| 17 |
> can then still fix it (or set up OpenVPN/telnet ;-)) using the old sshd |
| 18 |
> that's still listening. Just remember not to do a "killall sshd". |
| 19 |
|
| 20 |
Yes, of course, I fully agree. I just think that providing a couple more ideas (alternatives, if you |
| 21 |
wish, for different personal tastes! :) is good. |
| 22 |
|
| 23 |
- -- |
| 24 |
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica |
| 25 |
Servicios Ofrecidos: http://www.buanzo.com.ar/pro/ |
| 26 |
Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion. |
| 27 |
-----BEGIN PGP SIGNATURE----- |
| 28 |
Version: GnuPG v1.4.7 (GNU/Linux) |
| 29 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 30 |
|
| 31 |
iD8DBQFG7rLEAlpOsGhXcE0RCk0vAJ0X09AifEvbQLpDX6fa9Rudo12AKwCeIhXe |
| 32 |
2M3f/HNi7F1DVvjtGeOURTE= |
| 33 |
=f2cd |
| 34 |
-----END PGP SIGNATURE----- |
| 35 |
-- |
| 36 |
gentoo-user@g.o mailing list |
Archives