As has already been hinted, I think, does not ssh also allow one to accept
and deny connections on the order of tcpd?

Thanks,

Ron DuFresne


On Thu, 20 Apr 2000, Richard Noonan wrote:

> For me passing any administrative data in the clear is unacceptable
> and is prohibited by my employer.  Were I in your situation I would be
> allowing ssh in/out to a specified internal host accessed by 
> administrative staff only.
> 
> -Rich
> 
> On Thu, 20 Apr 2000, David Lang wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > For the commercial firewalls I use the provided tool, for the other
> > machines I use a one-time password to get through the firewall to them. It
> > isn't perfect (data can be sniffed), but I take the position that if I am
> > doing my job correctly it wouldn't matter if my root passwords were
> > posted, no one could get to where they could use them.
> > 
> > This is a decision I made based on my perception of the relative risks
> > between
> > 
> > 1. someone goes to the effort of getting the passwords and then finds an
> > application bug that gets them on the machine where they can use them (in
> > which case they may be getting on as root anyway)
> > 
> > 2. inside people using SSH to tunnel stuff through that I have no control
> > over because "it's only for me and it's not really a risk anyway"
> > 
> > David Lang
> > 
> > 
> > 
> > On Thu, 20 Apr 2000, Mark E. Drummond wrote:
> > 
> > > Date: Thu, 20 Apr 2000 15:38:06 -0400
> > > From: Mark E. Drummond <[EMAIL PROTECTED]>
> > > To: David Lang <[EMAIL PROTECTED]>
> > > Cc: Firewalls <[EMAIL PROTECTED]>
> > > Subject: Re: ssh defeats the firewall
> > > 
> > > David Lang wrote:
> > > > 
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > 
> > > > This is exactly the reason why I do not allow SSH through the firewalls I
> > > > manage.
> > > 
> > > So do you do remote management of your UNIX boxen? If so, what do you
> > > use?
> > > 
> > > -- 
> > > Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
> > > UNIX System Administrator|Royal Military College of Canada
> > > The Kingston Linux Users Group|http://signals.rmc.ca/klug/
> > > Saving the World ... One CPU at a Time
> > > 
> > 
> > 
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> > 
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
