|On Wed, 7 May 2003 08:53:40 +0200 Michael Bergbauer |<[EMAIL PROTECTED]> writes: |If you |> think SSH (or any other component) is not trustworthy, just look for |> alternatives (or create them yourself). | |what would be a more secure alternative to ssh? |
what about ssh over vpn (vtun, openvpn, ipsec...) ? at that point, you introduce complexity, another layer, possible flaws of the vpn software.... of course you would add a firewall on the vpn device, so that you can only connect from your admin box to the ssh port. (both services can be run on non-standard ports) (and of course it's more an admin solution than a end user solution) On the other subject of the thread, about http://cmn.listprojects.darklab.org/, To prevent DoS, for the sending syns to some predefined ports, you could have a payload with your gpg signature (and encryption). only the authenticated packets would be taken into account for opening the port. (i don't have such a system, it's just a imaginary setup, i have no clues on how to analyze the payload.) (and one has to remember that obsfuscation is not a remplacement for security. ie you can add it to your secure setup. don't say ever : 'oh, nobody will find out'.) bye -- xavier renaut -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]