Re: Certificate authentication to SSH

From: Jon Reynolds <jonr@destar.net>
Date: Thu Sep 08 2005 - 11:55:55 AKDT

captgoodnight captgoodnight wrote:
>>From: Jon Reynolds <jonr@destar.net>
>>Reply-To: jonr@destar.net
>>To: captgoodnight captgoodnight <captgoodnight@hotmail.com>
>>Subject: Re: Certificate authentication to SSH
>>Date: Wed, 07 Sep 2005 15:22:58 -0800
>>
>>captgoodnight captgoodnight wrote:
>>
>>>Sounds good.
>>>
>>>Might want to look into accepting ssh access from certain addrs|nets only,
>>>maybe keeping the history file down to 50-100 lines, having a .bash_logout
>>>that removes the history when you logout of root and scott. Keep X11
>>>forwarding off at the client and server (removes the odds of local admin
>>>X11 hijacking methods (if ya really don't need it)), keep a cron-job of
>>>chkrootkit and rkhunter on client/server. Run tripwire from a cdrom. Oh,
>>>duh, use a different port for ssh AND honeypot the real one (honeyd ;)
>>>Use gpg for sensitive stuff. Oh hell, the list goes on and on. I guess it
>>>depends on how paranoid you have made yourself ;) lol.
>>>
>>>There's always union routing, hehe.
>>>
>>>PS: Duh, here ;) http://www.hackinglinuxexposed.com/articles/ --enjoy
>>>
>>>
>>>2 cents,
>>>e
>>
>>Sounds like an Aklug presentation???? ;)
>>
>>Jon
>
>
> Oh where to squeeze that in? (think nervous, neurotic) lol. We nearly just
> got back to Alaska, got j-o-bs (just got my first paycheck in one year!
> yeah!), and now I'm modestly helping fix/audit/monitor/sweat on everyone's
> firewall (you know who you are ;). Oh, so now that I have a job that
> threatens my bum, I have to TRY to be physically active, lmao <---- Wish
> that worked! I don't even have my OWN network up yet, it's still in storage.
> Then there's the apartment thing, so "moving in" is now in order (goodbye to
> the home-built camper ;( ;). Oh, not to mention the Tourette's thingy...lol
>
> And that's just MY side of the story, there's another half! ;) And soon a
> dog too!
> --hard knock life...(shrug)
> eddie ;)

So you're saying you have a lot of free time then?

No problem, I've been trying to pimp the idea of people doing
presentations on anything they feel comfortable with. I am content to
wait a few years until you're ready. :)

Welcome back!

Jon
Received on Thu Sep 8 11:56:10 2005
