On Fri, 23 Oct 1998, Brian Demsky wrote:

>       Ssh is the only intelligent thing to use for terminal sessions.
> 
>       Is there any ssh equivalent for file transfers?

scp, it comes with the ssh package from www.ssh.org.  It does require that
you have an ssh agent on both ends though.

>       Any suggestions for improving security...  [I've shut off all the
> daemons that weren't essential.]  Firewalls aren't allowed...policy.

Don't run sendmail versions < 8.9.1, or if you do, run as suid
non-root-user_with_no_shell, and run it in a non-daemon mode, i.e. sendmail
-q15m.  Use tcpwrappers too.  It's sort of a firewall, but then again, if
everyone followed policy, you wouldn't be having these problems...

If things were that bad, I'd axe a bunch of common tcp/ip services too,
including finger, rlogin, and if you're using ssh, then axe ftp too.  You
can do with scp.  As for telnet, you can switch to rotating passwords, via
skey.  That way you can still log into your system if the client doesn't
have an ssh agent.

Oh, and if you're running Red Hat, patch patch patch.  It's Red Hat's
strongest point, imo.

I need a new sig,
Warren Wang, [EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mulder: Imagine if you could come back and take out 5
        people who had caused you to suffer.  Who would they be?
Scully: I only get 5?
Mulder: I remembered your birthday this year, didn't I Scully?
           *X-Files* The Truth is Out There*
