[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Minimal Install Option

From: Joe <joe tmsusa com>
To: rhl-beta-list redhat com
Subject: Re: Minimal Install Option
Date: Thu, 21 Aug 2003 11:00:15 -0700

Chris Ricker wrote:

On Thu, 21 Aug 2003, Pekka Savola wrote:

On Thu, 21 Aug 2003, Chris Ricker wrote:

I'm not sure you are disagreeing with me here. Are you saying don't remote log in to a firewall at all, or are you agreeing with me?

I'm disagreeing. The last thing a fw should do is run a service, let alone one with the security history of ssh.... Manage over serial.

Disagree. Set your access controls in /etc/hosts.allow for sshd and you're done :-)

and then join the OpenSSL / OpenSSH exploit train.... No, thanks!

This is all just proving my point, which was that no one can even agree on what a minimal machine should be.

"exploit train?" hmm, you don't seem to be quite up to speed on openssh - I suppose you haven't heard about privelege separation etc? openssh is just about the most secure connection method out there.

What do you propose for remote shell access, telnet?

Joe

Follow-Ups:
- Re: Minimal Install Option
  - From: Chris Ricker

References:
- Re: Minimal Install Option
  - From: Pekka Savola
- Re: Minimal Install Option
  - From: Chris Ricker

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]