Re: Request for a Lockdown option

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Dear Christian,


>How is this different to configuring /etc/securetty and tunnelling
>Telnet over SSH Port Forwarding which I don't recommend BTW?

In case your SSH is remotely attackable for instance
	-  because your LDAP is configured wrongly,
	-  your run into some problem like CVE-2008-0166
 	-  some users private keys are lost 
And you want to lock down the sshd and investigate and fix the problem, then your solution may not be helpful because SSH is still exposed and attackable. 
 
The solution I do propose is an alterative to Port-Knocking  or packet filtering because it aims to un-expose the vulnerability of ssh and give the Administrators some time to fix the problems. 

Kind Regards  
Manon


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux