Hans-Werner Hilse wrote:
> I just prefer manual "opening" of access means above manual "securing"
> them. It's just about what happens if you fail -- when the task was
> securing, you might have a security leak, but if it was opening
> access, it is still secured. It's relatively moot, since opening access
> is also often error prone in the sense of "opening too much". I think
> it's personal taste :-)

All can go wrong, always. First security motto. That's why a completely parallel, special-time-only mechanism appeals to me (and, of course, taste here is important, too!)

> Yeah, but in that case you'd know it at that point, and it caused no
> other harm than preventing you from setting up that fallback sshd. You
> can then still fix it (or set up OpenVPN/telnet ;-)) using the old sshd
> that's still listening. Just remember not to do a "killall sshd".

Yes, of course, I fully agree. I just think that providing a couple more ideas (alternatives, if you wish, for different personal tastes! :) is good.

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Services Offered: http://www.buanzo.com.ar/pro/
Join the GNU/Buanzo Forums - The word Community at its fullest expression.