Way OT: SSH worries
Alex Neuman
alex at nkpanama.com
Mon Aug 16 21:26:06 IST 2004
Reminds me of those "less filling vs. tastes great" deals. Why not both?
I'm seriously considering:
1. Only having one account authorized to log in using SSH,
2. On an obscure port
3. Using keys only (no passwords)
4. From a specific number of locations with the same exact requirements.
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Dan Hollis
Sent: Monday, August 16, 2004 2:42 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Way OT: SSH worries
On Mon, 16 Aug 2004, Kevin Spicer wrote:
> Or even better (if only a few people have an ssh account) enforce key
> based authentication only, (carry your key on a usb keydrive or
> similar...).
wont save you from the next 0day root exploit though.
moving to obscure ports and/or firewalling the hell out of ssh would be a
better answer.
-Dan
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list