Re: [SLUG] ssh certificate logins
Mary Gardiner wrote: There is one potential disadvantage of non-standard ports: there are a few networks with a default-deny outgoing connection policy who open port 22, but do not open most ports. (I find 443 the most useful alternative port to run SSH on, outgoing to 443/HTTPS is very often open!) OK, raise their hand everyone here who runs an SSH server somewhere out on the net on port 443 for the deliberate purpose of tunneling through a work-related proxy server / firewall combination to do non-proxy-allowed stuff. (/me sheepishly raises hand) (/me points at *everyone* at a certain large organisation that will remain nameless) :) Del -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ssh certificate logins
2008/10/12 Del [EMAIL PROTECTED]: Mary Gardiner wrote: There is one potential disadvantage of non-standard ports: there are a few networks with a default-deny outgoing connection policy who open port 22, but do not open most ports. (I find 443 the most useful alternative port to run SSH on, outgoing to 443/HTTPS is very often open!) OK, raise their hand everyone here who runs an SSH server somewhere out on the net on port 443 for the deliberate purpose of tunneling through a work-related proxy server / firewall combination to do non-proxy-allowed stuff. (/me sheepishly raises hand) (/me points at *everyone* at a certain large organisation that will remain nameless) :) Del /me raises hand Though only since contracting at said large organisation[1]... there are other ways at uni. cheers, Owen. Footnotes: -- [1] Assuming we're thinking of the same one... otherwise... it's the same idea. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] OSDC 2008 Sydney - Earlybird Registration is now open!
Hi, Earlybird Registration for The Open Source Developers' Conference 2008 is now open. OSDC 2008 is a conference run by open source developers, for developers and business people. It covers numerous programming languages across a rangeof operating systems, and related topics such as business processes, licensing, and strategy. Talks vary from introductory pieces through to the deeply technical. This year we have an exciting selection of presenters and keynote speakers including: * Larry Wall, the creator of Perl * Chris DiBona, Open Source Progams Manager for Google * Andrew Tridgell, Founder, Samba Team * Anthony Baxter, Python Evangelist * Pia Waugh, Consultant, Waugh Partners Check out the draft program: http://www.osdc.com.au/2008/papers/ The conference will be in Sydney during the first week of December (2nd - 5th), and will be held at the SMC conference venue located in the Sydney CBD. Please visit http://www.osdc.com.au/2008/registration/ to register. Earlybird registration closes 27th October, 2008. For more information about this event, please visit: http://www.osdc.com.au/. Regards OSDC 2008 Organising Committee -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ssh certificate logins
On Sun, Oct 12, 2008 at 09:48:59PM +1100, Owen Townend wrote: 2008/10/12 Del [EMAIL PROTECTED]: Mary Gardiner wrote: There is one potential disadvantage of non-standard ports: there are a few networks with a default-deny outgoing connection policy who open port 22, but do not open most ports. (I find 443 the most useful alternative port to run SSH on, outgoing to 443/HTTPS is very often open!) OK, raise their hand everyone here who runs an SSH server somewhere out on the net on port 443 for the deliberate purpose of tunneling through a work-related proxy server / firewall combination to do non-proxy-allowed stuff. (/me sheepishly raises hand) (/me points at *everyone* at a certain large organisation that will remain nameless) sort of, I use 563 which is nntps and many large org's allow this through as well, I did this before openvpn could shadow a port so that you can have 443 be https and openvpn Alex :) Del /me raises hand Though only since contracting at said large organisation[1]... there are other ways at uni. cheers, Owen. Footnotes: -- [1] Assuming we're thinking of the same one... otherwise... it's the same idea. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ssh certificate logins
On Sunday 12 October 2008 10:00:04 [EMAIL PROTECTED] wrote: We I don't know what makes you flame so hard with a simple suggestion of mine. I've tested PortKnock, I like it and I feel comfortable with it. Since Phill had asked an open question for alternative approaches to secure his network, I made a simple suggestion. I don't know why you take it so personally to prove your point better than mine and start an all out war with it, or is it the technical supremacy ego that kicks in at times... Mate, we all don't know everything, but we're here to learn and share with others... I'm sure you have more knowledge and experience than me and I respect you for that. And I'm sure your CGI script or some other approach would do the trick just fine, but what I learnt along the way I thought of sharing in this space am I wrong for it, you be the judge. IMHO port knocking is a silly waste of complexity, specially since establishing (in practice) that non-standard ports makes the problem disappear so in that respect I found Daniels arguments well presented and met the goals of 'learn and share'. He may have presented his argument pedantically, but each and every assertion is presented in a way that I can debate or test, so it was very useful James -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] linux.conf.au 2009: programme announced and registrations open
Hi all, linux.conf.au 2009 (Hobart, January) has announced their programme and ticket registrations are open. Hobbyist and Professional registration levels have early bird prices until 3 November or until the earlybird limit of 200 tickets is reached, whichever happens *sooner*. Programme: http://linux.conf.au/programme/schedule/ Registration: http://linux.conf.au/register/prices_ticket_types -Mary -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html