[OT] TCP/IP and OSI (Was: Re: MAC-based ssh)

2003-05-05 Thread Phillip Hofmeister
On Fri, 02 May 2003 at 06:20:58PM +0200, Peter Ondraska wrote: Doesn't TCP/IP have only at most 4 layers? In the OSI model there are 7 Layers. TCP/IP takes up only two of them (3 & 4). Layer 1 - Physical - Cat5, Fiber, etc. Layer 2 - Datalink - Ethernet, FDDI, etc. Layer 3 - Network - IP, IPX,

Re: MAC-based ssh

2003-05-03 Thread Sam Couter
Hans van Leeuwen [EMAIL PROTECTED] wrote: Hello, My company has created an application that allows remote users to edit their DNS-records. This app needs to restart bind on the remote nameservers. This is a poor way to do dynamic DNS. I have decided to do this through SSH by putting the

Re: MAC-based ssh

2003-05-02 Thread Danny De Cock
hi, using mac addresses for client authentication seems to me as an extremely risky business as a mac address can easily be copied/cloned/spoofed... imho, it does not offer any authentication at all... g. On Fri, 2 May 2003, Hans van Leeuwen wrote: Hello, My company has created an

Re: MAC-based ssh

2003-05-02 Thread Kay-Michael Voit
did you consider just to block other mac-addresses through iptables? but... i don't know, what you are doing there, but are you sure you want to grant every user ssh access? i assume you need to be root for this? how are you going to solve it over ssh? and how do you prevent users from just

Re: MAC-based ssh

2003-05-02 Thread Espen Wiborg
Hans van Leeuwen [EMAIL PROTECTED] writes: My company has created an application that allows remote users to edit their DNS-records. This app needs to restart bind on the remote nameservers. I think this is the wrong solution. A better idea is a cron job on the nameserver periodically

Re: MAC-based ssh

2003-05-02 Thread Achim Friedland
Hello, are you really sure, that your dns server and all customers are located in the same ip subnet? Authentication via the mac address of your internet router does not seem to be a very secure idea... ;) achim -- Demokratie beruht auf drei Prinzipien: auf der Freiheit des Gewissens, auf der

Re: MAC-based ssh

2003-05-02 Thread Hans van Leeuwen
Kay-Michael Voit wrote: did you consider just to block other mac-addresses through iptables? Yes, but the MAC should just be checked for one specific user. but... i don't know, what you are doing there, but are you sure you want to grant every user ssh access? No, just one user with limited

Re: MAC-based ssh

2003-05-02 Thread Hans van Leeuwen
Danny De Cock wrote: hi, using mac addresses for client authentication seems to me as an extremely risky business as a mac address can easily be copied/cloned/spoofed... imho, it does not offer any authentication at all... I understand that MAC-addresses can be spoofed, but I thought I would

Re: MAC-based ssh

2003-05-02 Thread Oliver Hitz
On 02 May 2003, Hans van Leeuwen wrote: I have decided to do this through SSH by putting the client key in authorized_keys2. But this seems a little risky, so I was wondering if it was possible to get sshd to only allow the client MAC-address. If these remote users always connect from the same

Re: MAC-based ssh

2003-05-02 Thread Thomas Krennwallner
On Fri May 02, 2003 at 02:34:17PM +0200, Oliver Hitz wrote: On 02 May 2003, Hans van Leeuwen wrote: I have decided to do this through SSH by putting the client key in authorized_keys2. But this seems a little risky, so I was wondering if it was possible to get sshd to only allow the client

Re: MAC-based ssh

2003-05-02 Thread Hans van Leeuwen
Oliver Hitz wrote: It is also possible to further restrict this connection. Something like command="/etc/init.d/bind restart",from="..." ssh-rsa ... This does the job. Only I execute 'bind restart' through a small C-program with a suid-bit. Thanks for the help everybody! Hans

Re: MAC-based ssh

2003-05-02 Thread Phillip Hofmeister
On Fri, 02 May 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote: I have decided to do this through SSH by putting the client key in authorized_keys2. But this seems a little risky, so I was wondering if it was possible to get sshd to only allow the client MAC-address. SSHD cannot do what you

Re: MAC-based ssh

2003-05-02 Thread Peter Ondraska
On Fri, 2 May 2003, Phillip Hofmeister wrote: On Fri, 02 May 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote: I have decided to do this through SSH by putting the client key in authorized_keys2. But this seems a little risky, so I was wondering if it was possible to get sshd to only

Re: MAC-based ssh

2003-05-02 Thread Bastian Blank
On Fri, May 02, 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote: My company has created an application that allows remote users to edit their DNS-records. This app needs to restart bind on the remote nameservers. bind never needs to be restarted, use rndc or dns updates with key. bastian --