-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hans-Werner Hilse wrote:
> I just prefer manual "opening" of access means above manual "securing"
> them. It's just about what happens if you fail -- when the task was
> securing, you might have a security leak, but if it was openiung
> access, it is still secured. It's relatively moot, since opening access
> is also often error prone in the sense of "opening to much". I think
> it's personal taste :-)

All can go wrong, always. First security motto. That's why a completely 
parallel, special-time-only
mechanism appeals me (and, of course, taste here is important, too!)

> Yeah, but in that case you'd know it at that point, and it caused no
> other harm than preventing you to setting up that fallback sshd. You
> can then still fix it (or set up OpenVPN/telnet ;-)) using the old sshd
> that's still listening. Just remember not to do a "killall sshd".

Yes, of course, I fully agree. I just think that providing a couple more ideas 
(alternatives, if you
wish, for different personal tastes! :) is good.

- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Servicios Ofrecidos: http://www.buanzo.com.ar/pro/
Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG7rLEAlpOsGhXcE0RCk0vAJ0X09AifEvbQLpDX6fa9Rudo12AKwCeIhXe
2M3f/HNi7F1DVvjtGeOURTE=
=f2cd
-----END PGP SIGNATURE-----
-- 
[EMAIL PROTECTED] mailing list

Reply via email to