On Thu, 2007-10-04 at 00:26 +0100, Jonathan Underwood wrote:
> On 03/10/2007, Alan M. Evans <fedoralist@xxxxxxxxxxxxx> wrote:
> > Keep your SSH and your "real password" and sleep like a baby. As for me,
> > I won't trust SSH alone. I employ other methods, including RSA keys,
> > special iptables rules, and SELinux, to enhance the security of my
> > system. (For the record, I run SSH on the standard port, despite the
> > fact that I claim it would enhance security further.)
>
> I'd be interested to know what SELinux policy changes you've
> implemented to add further security to sshd?

None, actually. Sorry if I was misunderstood.

I merely mentioned SELinux because I'm aware that Karl doesn't think it's useful and I do because of the "layered security" model that I was discussing. Karl was saying, in effect, that SSH and a "good" password were enough, and that's why I was mentioning layered security. In retrospect, it probably shouldn't have been lumped in with the RSA keys and iptables rules.

(Also, Karl may not have anything against SELinux. I just made that statement without researching the list history because in my mind I lumped him in with the cabal of anti-SELinux guys. That impression may be incorrect.)