Re: My hard-to-kill OpenBSD
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Sent: Thursday, April 12, 2007 1:03 PM To: [EMAIL PROTECTED] Subject: Re: My hard-to-kill OpenBSD snip I've noticed that to a lot of techies have this attitude: if it isn't GUI, it's not worth knowing. I said GUI instead of Windows because now that you can do a lot of things with a GUI on Linux, even the Linux people are starting to have this attitude, especially newbies. It's even frustrating to teach a newbie the advantages of vi. Never mind that I would much rather talk a computer-illiterate person over the phone on how to change a configuration file with vi than any other GUI text editor. When I first started toying with OpenBSD, I installed it on an old system laying around. Then I got bored and tried to install Debian, Red Hat, NetBSD, and FreeBSD. All of them could not get past the installation routines. So I put OpenBSD back on. This really isn't a fair story because it was so long ago and I don't remember all the details. But I do remember the impression OpenBSD had on me because of this. It's not only the users. It's the disto makers, as well. If you've seen any current distros of Linux, almost all of them are standardizing on GUI installs, and GUI management. In fact, they've gotten to the point where it's getting much harder to manage them through the command-line, because of the insane configuration files that redhat, suse, and the others are using now. What's worse is that since new sysadmins are not learning the command-line anymore, they're going to be in a LOT of trouble if the GUI is broken (i.e., xorg.conf is misconfigured). While using a GUI can be useful, having easy, complete control from a command-prompt is vital. My OpenBSD install has no X installed, and is fully managed via ssh or console. That's the way UNIX was meant to be managed. -- Jordan Klein ~ Beware of dragons [EMAIL PROTECTED] ~ for you are crunchy Solaris / OpenBSD / Linux Admin ~ and go well with ketchup
Re: slow terminal on macppc
A number of graphically-oriented systems are faster in X than in console mode. This includes sparc, sparc64, macppc, probably others. That's considered normal. :) Nick. I believe the cause is the video hardware. The PC video hardware has always had built-in text-mode with built-in (or loadable) text fonts. As such, the PC video cards can render text very quickly and OpenBSD (and pretty much any other UNIX-like system for i386) takes advantage of that. However, for the macppc, sparc/sparc64, and pretty much anything that uses a framebuffer, text rendering is done through software, not the hardware, so it's far slower. If you happened to have an old Sun or Mac around, you can see how slow by getting into Openboot (Sun) or Openfirmeware (Mac) and see just how slow display performance is. -- Jordan Klein ~ Beware of dragons [EMAIL PROTECTED] ~ for you are crunchy Solaris / OpenBSD / Linux Admin ~ and go well with ketchup
Re: mission impossible
On May 19, 2005, at 6:47 AM, Kaj Mdkinen wrote: Is this secure? I have set up an authpf on my firewall. When I authenticate with an ssh2 des keyfile the firewall passes and forwards it to my windows computer according to my rules in authpf.rules. On my windows computer I run Cygwin sshd also with ssh2 PubkeyAuthentication. Of courseI have PasswordAuthentication no , PubkeyAuthentication yes and Protocol 2 in my sshd_config. An attackeron my open-bsd box gets the login prompt but no password prompt withouth the keyfile. The error is then this: Received disconnect from xxx.xxx.xxx.xxx 11: No supported authentication methods available Won't this be a mission impossible to hack? Nothing is impossible. It's possible an attacker could discover a flaw in pf or authpf and find a way around it's restrictions. It's also possible that someone could discover a security hole in OpenBSD and use that to compromise your system. The likelihood is small, since this is OpenBSD, and it's a very tight ship, but not impossible. I'm no security guru, but it sounds to me like your setup is secure, in that you're putting multiple levels of walls between outside users and your system. Enjoy restful nights, while Windows and Linux admins nervously toss and turn in their sleep. :-) -- Jordan Klein~ Beware of dragons [EMAIL PROTECTED] ~ for you are crunchy Unix Administrator ~ and go well with ketchup