Re: Certificate authentication to SSH

>From: Jon Reynolds <jonr@destar.net>
>Reply-To: jonr@destar.net
>To: captgoodnight captgoodnight <captgoodnight@hotmail.com>
>Subject: Re: Certificate authentication to SSH
>Date: Wed, 07 Sep 2005 15:22:58 -0800
>
>captgoodnight captgoodnight wrote:
>>Sounds good.
>>
>>Might want to look into accepting ssh access from certain addrs|nets only,
>>maybe keeping the history file down to 50-100 lines, having a .bash_logout
>>that removes the history when you logout of root and scott. Keep X11
>>forwarding off at the client and server (removes the odds of local admin
>>X11 highjacking methods(if ya really don't need it)), keep a cron-job of
>>chkrootkit and rkhunter on client/server. Run tripwire from a cdrom. Oh,
>>duh, use a different port for ssh AND honeypot the real one (honeyd ;)
>>Use gpg for sensitive stuff. Oh hell, the list goes on and on. I guess it
>>depends on how paranoid you have made yourself ;) lol.
>>
>>There's always union routing, hehe.
>>
>>PS: Duh, here ;) http://www.hackinglinuxexposed.com/articles/ --enjoy
>>
>>
>>2 cents,
>>e
>
>Sounds like an Aklug presentation???? ;)
>
>Jon

Oh where to squeeze that in? (think nervous, neurotic) lol. We nearly just
got back to Alaska, got j-o-bs (just got my first paycheck in one year!
yeah!), and now I'm modestly helping fix/audit/monitor/sweat on everyones
firewall (you know who you are ;). Oh, so now that I have a job that
threatens my bum, I have to TRY to be physically active, lmao <---- Wish
that worked! I don't even have my OWN network up yet, it's still in storage.
Then there's the apartment thing, so "moving in" is now in order (goodbye to
the home built camper ;( ;). Oh, not to mention the tourettes thingy...lol

And that's just MY side of the story, there's another half! ;) And soon a
dog too!
--hard knock life...(shrug)
eddie ;)

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Wed Sep 7 20:09:18 2005