Re: Passing password in ssh

On Jan 23, 2008 5:07 PM, John Summerfield <debian herakles homelinux org> wrote:
Aldo Foot wrote:
... snip...

> Perhaps a good practice is to configure accounts such as those for
> cron jobs to use only specific commands.
> Does anyone reading this thread use such a setup?
> I'll play with this a bit.

cron jobs are created either by your vendor (Fedora in this case), or by
users with access to accounts on the system.

If you use decent passwords, exercise due care with invited content
(email, www etc & especially software[1] you install/allow to be
installed), secure your servers[2], I don't think you have a lot to do with.

If you're trying to protect high-value assets, best to hire an expert
with the skills needed, it's pretty clear you don't have them.

[1] I'm very picky. Most stuff from the FOSS world I trust, it will
quickly get a bad name if it contains malware. I mostly avoid Acrobat &
flash (the latter's main use seems to be adware, and there are serious
security concerns), and absolutely shun toys such as google desktop etc.

[2] I run ssh, and I allow five connexions/hour globally (not per source
IP) from parts of the world I don't expect connexions from, it covers me
for the case I've been too strict. I don't think anyone's going to
succeed with even a weak password without a fair bit of luck. I don't
think my password's weak.



I have a couple of questions:

1. If you use the connection/hour limit scheme does it mean you don't
    use tcpwrappers and you only rely on user/password for authorization?

2. Is this what you use to configure five ssh connections per hour?
    #tcplimit 22 5 hour on
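
The idea quoted earlier in the thread, restricting a cron-job account to specific commands, can be done with an OpenSSH forced command on the account's key. The wrapper below is an added example, not part of the original messages; the script path, the allowlist entries and the key shown in the comment are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper for a key that is used only by cron jobs.
# Assumed authorized_keys entry on the server (key material is a placeholder):
#   command="/usr/local/bin/cron-gate.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...placeholder cron@client
# sshd runs this script for every login with that key and passes whatever the
# client asked for in SSH_ORIGINAL_COMMAND.

# Constructed allowlist: one exact command line per line.
ALLOWED_COMMANDS='uptime
df -h /srv
/usr/local/bin/nightly-report --summary'

# Return 0 only if the request equals one allowlist entry exactly.
# Exact matching means "uptime; something-else" never passes as "uptime".
is_allowed() {
    request=$1
    [ -n "$request" ] || return 1
    # grep treats a newline in the pattern as a separator between patterns,
    # so a multi-line request must be rejected before matching.
    case $request in
        *'
'*) return 1 ;;
    esac
    printf '%s\n' "$ALLOWED_COMMANDS" | grep -Fxq -- "$request"
}

# Dispatch only when sshd passed a requested command. A login without a
# command (an interactive attempt) falls through and ends with no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed "$SSH_ORIGINAL_COMMAND"; then
        exec /bin/sh -c "$SSH_ORIGINAL_COMMAND"
    fi
    echo "cron-gate: command not permitted" >&2
    exit 1
fi
```

With this in place the cron job on the client keeps calling `ssh host uptime` as before, and any other request made with that key is refused.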


