On Wed, Aug 07, 2002 at 11:46:38PM -0700, Ben Barrett wrote: > Here here!! You could even keep your keys with your keys, to safeguard > the worst-case-scenario that your laptop gets stolen while in Paris: > use a USB flash drive, which you plug into the machine for login... you > could use an ecrypted filesystem on the keychain so that it is useless > if stolen... anywhoo there's a 16MB pendrive for ~$14 on dealnews, and > I've been stewing on this idea for a bit, what do you think? > http://dealnews.com/articles/39314.html
Why not? Let me know how durable it is. > Aside from that OT rant, I agree that IP-based auth isn't worth the > effort, plus I'd want the attempts logged if someone *was* trying! First of all, when did I say I was using the IP# as a form of authentication? Come on, I'm not stupid. I'm merely using it as a convenience to add more layers of security. Secondly, by blocking off all IP#s but the one expected, any attempt to connect *IS* logged (I could pass and log I suppose, but, why?), except, of course, if it's coming from my home machine. But then again, the remote systems would be expecting spi packets to make connections. (And then you'd have to know my internal IP addresses on my home systems). And thirdly, if you look in the archives, I've been telling people to use only passphrase protected keys with ssh for some time now. > When it comes down to it, the Paris hotel is what matters the most. For you maybe. I'm thinking more in the terms of home office. When I go out of the calling area, a whopping 3-4 times a year, I'm on vacation, that is, the servers aren't much of a priority. 99% of the time I'm within a half hour's bike ride from the servers. 99% of the time of the remaining 1%, I don't give a rat's @$$. And for the other 0.01%, well, life's not fair. But then again, I pretty much completely avoid having to get up at 3 am to fix a vulnerability, (like say, oh, I don't know, a secure shell vulnerability perhaps?) because, hey, not even I can get in because of all the "hassles" I've created for myself. > I had to stay at the hostel, but for travelling alone (and not having > many francs) its the best way. Prolly loads of 802.11* clouds now, well > worth having a transmitter if you're travelling. Hum, kinda funny to > touch on free wireless conenctivity when the thread is named "reliable > ISP's" = ) The latest news there is: I now get the IP (I decided to try a different phone number. No one from VyaNet support even suggested such a thing, but I had notes in my confs about old phone numbers), but no packets return. And get this, they called me on Monday to ask me for my password. I was rather reluctant to give it to them. So I read some more on isakmpd. -- <[EMAIL PROTECTED]>
