Xavier Brochard wrote:
> On Thursday 16 October 2008 11:58:33 Gavin McCullagh, you wrote:
>
>> On Thu, 16 Oct 2008, jam wrote:
>>
>>> Security through complexity is dumb and ends up biting you:
>>>
>> Security by obscurity will probably work against brute force ssh worms, but
>> is less likely to work where there is a determined attack.
>>
>
> There is also security against stupidity:
> Set up an old computer, as old as you can, with a small amount of RAM and a
> small hard drive. If possible, use something other than i386 (amiga, atari, ppc,
> sparc...). Put on it a minimal Linux, ssh server, and one user account. Set
> the hard drive read-only.
> Set up your router to redirect the ssh port to it.
> If someone hacks the computer and tries to hack the network behind it, he will be
> very annoyed: no gcc, little amount of RAM (computer will crash quickly),
> etc. Best if it's not i386, because he can't copy a compiled program.
>
> --
> See you soon, Xavier
> [EMAIL PROTECTED]
>
/me wonders if sticking a rotten banana in the port will keep the evil hackers away...

Seriously, this conversation is getting kind of silly. I seriously see no need to launch a completely separate sshd just for administrators on a different port. There are plenty of network-layer utils available to secure a port from the outside world. There is no need to make LTSP/Edubuntu setups more complex for this purpose.

If you need access to ssh from any IP on the net to your internal LTSP server, set it up - but I really don't think this is a common enough scenario to warrant a default secondary sshd for everyone. You're gonna get tons of admins asking "why do I have an open port 2222? Why the hell is ssh running on 2222??"

Again, just my ever-declining-in-value $0.02.

- Jordan/Lns

_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net