[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: Dave.Ewart at cancer.org.uk (Dave Ewart)
Subject: Re: Re: Re: open telnet port
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday, 09.09.2004 at 10:47 -0400, Kenneth Ng wrote:
> You really should not need this as the norm. I do this when I'm
> working on the ssh daemons, but thats about the only time. What I do
> is I enable it on a screwball port number, then use tcp wrappers to
> only allow access from my ip address and change the root password
> before I begin. In that way the opening is there while I may need it,
> and if I use the temporary root password, it won't do them much good
> unless they compromise the host I'm coming from. Afterwards I disable
> the service and change the root password back.
>
> If you need this on as the norm, please at least use TCP wrappers to
> limit from where it can be accessed, and change any used passwords
> immediately after reestablishing control.
Or, alternatively just use another SSH daemon or a different port and
not have to faff around with exposing passwords in the first place :-)
Dave.
- --
Dave Ewart
Dave.Ewart@...cer.org.uk
Computing Manager, Epidemiology Unit, Oxford
Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBQHLfbpQs/WlN43ARAuacAJoDuWWfOcfxc+eo20Xzs3gI1OZpWwCeLbZs
NcGTEVhQy57dN/4yvuIN3R4=
=5H6S
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists