Re: accessing shell when gnome locks up.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2/27/07, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:

Andras Simon wrote:

>>
>> These days you'd be much more likely to have another computer or laptop
>>   with an ethernet connector available than a serial terminal or cable
>> with the right-sized, right-gender ends.  If you don't have a hub, use a
>> crossover ethernet cable to connect and use ssh.  Or get wireless
>> working and forget about all that nonsense.
>
> If you regularly need to have access to your computer over the
> network, then you already have sshd running on it, and you have no
> problem to solve.

I generally don't find computers to be very useful without networking
and the ability to access them without touching them.


I almost agree. Life would be much more complicated if I couldn't
access remotely my shell account at work. But at home, I'm quite happy
with a computer with networking but without the ability to be ssh'd
into. (And there are some computers I'd find _very_ useful even
without any kind of networking... but they're very expensive :-))



> But I'd hate (read: wouldn't know how to do it
> securely, in a finite amount of time) to open up a port and run sshd
> just to be able to log in remotely once in a blue moon to kill some
> stupid gnome thingy.

Pretty much every linux distribution comes with that capability already
carefully planned and does the right thing if you install it.


Do you mean that installing sshd and iptables and perhaps a few more
packages is all one needs to do? I'd think that even if you don't plan
to provide access, you have to do a couple of things before a new
Fedora box is ready to face the internet. But maybe you're right: the
tweakings I usually do is shutting down various services, and
tightening up (to the best of my knowledge - which is not much) the
firewall rules. So, if I wanted to allow remote access, I'd need to do
less, not more.



> The serial approach is relatively simple and you
> don't have to worry about future security holes discovered in the
> tcp/ip stack, iptables and sshd.

Other people are worrying about that.  All you have to do is use good
passwords and keep your system up to date.  Much less attention is
probably being paid to the security risks of mgetty or serial ports.


They may be full of security holes that are exploitable _locally_. But remotely?

Andras
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux