accessing shell when gnome locks up.

Andras Simon szajmi at gmail.com
Tue Feb 27 17:13:21 UTC 2007


On 2/27/07, Les Mikesell <lesmikesell at gmail.com> wrote:
> Andras Simon wrote:
>
> >>
> >> These days you'd be much more likely to have another computer or laptop
> >> with an ethernet connector available than a serial terminal or cable
> >> with the right-sized, right-gender ends.  If you don't have a hub, use a
> >> crossover ethernet cable to connect and use ssh.  Or get wireless
> >> working and forget about all that nonsense.
> >
> > If you regularly need to have access to your computer over the
> > network, then you already have sshd running on it, and you have no
> > problem to solve.
>
> I generally don't find computers to be very useful without networking
> and the ability to access them without touching them.

I almost agree. Life would be much more complicated if I couldn't
remotely access my shell account at work. But at home, I'm quite happy
with a computer with networking but without the ability to be ssh'd
into. (And there are some computers I'd find _very_ useful even
without any kind of networking... but they're very expensive :-))

>
> > But I'd hate (read: wouldn't know how to do it
> > securely, in a finite amount of time) to open up a port and run sshd
> > just to be able to log in remotely once in a blue moon to kill some
> > stupid gnome thingy.
>
> Pretty much every Linux distribution comes with that capability already
> carefully planned and does the right thing if you install it.

Do you mean that installing sshd and iptables and perhaps a few more
packages is all one needs to do? I'd think that even if you don't plan
to provide access, you have to do a couple of things before a new
Fedora box is ready to face the internet. But maybe you're right: the
tweaking I usually do is shutting down various services, and
tightening up (to the best of my knowledge - which is not much) the
firewall rules. So, if I wanted to allow remote access, I'd need to do
less, not more.

>
> > The serial approach is relatively simple and you
> > don't have to worry about future security holes discovered in the
> > tcp/ip stack, iptables and sshd.
>
> Other people are worrying about that.  All you have to do is use good
> passwords and keep your system up to date.  Much less attention is
> probably being paid to the security risks of mgetty or serial ports.

They may be full of security holes that are exploitable _locally_. But remotely?

Andras




More information about the fedora-list mailing list