Re: SSH Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: SSH Security
From: Leonard Isham <leonard.isham@xxxxxxxxx>
Date: Mon, 12 Dec 2005 06:37:31 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Uov66zGIaxKRdT8b+5e07ABFUaaFBfQAnasEb6beobEibm4pLAI23wYOU+hgCbhUm/qUmyyrDvzDj827f7x6vS8ju1SRH3AjDYwHJil5UVyo2UmOwV32rpmBhsjHsSOP/ANahMVjv0IcpT6MtNgXtbtpLZ/hMxhs8rdEA+aYwjM=
In-reply-to: <20051210223531.67063b9b@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <000b01c5fad1$be9e2030$a2cd04cb@xxxxxxxxxxxxxxxxxx> <1133921703.8876.1.camel@xxxxxxxxxxxxx> <20051210223531.67063b9b@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

On 12/10/05, wwp <subscript@xxxxxxx> wrote:
> Hello Scot,
>
>
> On Tue, 06 Dec 2005 21:15:04 -0500 "Scot L. Harris" <webid@xxxxxxxxxx> wrote:
>
> > On Tue, 2005-12-06 at 20:58, Ben Halicki wrote:
> > > Hi all,
> > >
>
> BTW, is there a way to make ssh allowing root access from a specific
> interface (local for instance) and denying it from other ones (external)?

I have to say this is a bad idea.  root access directly has no
accountability.  login via a normal ID and sudo or if you really need
to su.  now you have accountability.

Second you are creating complexity, which is the nemesis of security, 
Complex solutions are more vulnerable due to the chance for error. 
Use depth in defense.  Multiple simple layers of security... firewall,
local iptables, ssh, no root access, sudo, logs....

--
Leonard Isham, CISSP
Ostendo non ostento.

Follow-Ups:
- Re: SSH Security
  - From: John Summerfied

References:
- SSH Security
  - From: Ben Halicki
- Re: SSH Security
  - From: Scot L. Harris
- Re: SSH Security
  - From: wwp

Prev by Date: Re: VNC program with 'remote browser' feature
Next by Date: aMule
Previous by thread: Re: SSH Security
Next by thread: Re: SSH Security
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]