| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Dave.Ewart at cancer.org.uk (Dave Ewart) Subject: Re: Re: Re: open telnet port -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, 09.09.2004 at 10:47 -0400, Kenneth Ng wrote: > You really should not need this as the norm. I do this when I'm > working on the ssh daemons, but thats about the only time. What I do > is I enable it on a screwball port number, then use tcp wrappers to > only allow access from my ip address and change the root password > before I begin. In that way the opening is there while I may need it, > and if I use the temporary root password, it won't do them much good > unless they compromise the host I'm coming from. Afterwards I disable > the service and change the root password back. > > If you need this on as the norm, please at least use TCP wrappers to > limit from where it can be accessed, and change any used passwords > immediately after reestablishing control. Or, alternatively just use another SSH daemon or a different port and not have to faff around with exposing passwords in the first place :-) Dave. - -- Dave Ewart Dave.Ewart@...cer.org.uk Computing Manager, Epidemiology Unit, Oxford Cancer Research UK PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBQHLfbpQs/WlN43ARAuacAJoDuWWfOcfxc+eo20Xzs3gI1OZpWwCeLbZs NcGTEVhQy57dN/4yvuIN3R4= =5H6S -----END PGP SIGNATURE-----
Powered by blists - more mailing lists