On Wed, 7 Sep 2005, captgoodnight captgoodnight wrote:
> From a security standpoint; it's the way to go. Hydra is useless against it,
> as is the ettercap/sshmitm attack. Put simply, it's darn near bomb proof,
> and I'm happy to see someone thinking about it. Auditing systems these days
> has shown me that many allow auth to ssh, which is vuln to the previous
> canned methods...
>
> Having root use certs is fairly safe too, but I don't recommend it. --
> "security in depth"
>
> Now setting it up; straightforward, IMHO. Google is your friend, as is man
> pages ;)
>
> http://www.google.com/linux?hl=en&q=
>
> As well, there is some awesome script trickery you can do with certs.
Personally, I think the best centralized authentication method out there is
Kerberos, which ssh has excellent support for. And on remote root access: I
not only don't recommend it, I think anyone allowing direct root access
remotely should be forced to tour the country on the receiving end of
Python's fish slapping dance...
--Arthur Corliss
Bolverk's Lair -- http://arthur.corlissfamily.org/
Digital Mages -- http://www.digitalmages.com/
"Live Free or Die, the Only Way to Live" -- NH State Motto
Received on Wed Sep 7 13:01:47 2005