[Fedora] Seeing input on Securing the Linux system from intrusions and attacks.
Dean S. Messing
deanm at sharplabs.com
Sat Dec 29 22:19:51 UTC 2007
Tom Horsley wrote:
: > How does one get into one's system from one's laptop if one is traveling
: > and forced to use the local hotel internet connection?
:
: If you can't know where you'll be connecting from, you probably can't
: use the IP address restrictions,
That's what I thought.
: but at least you can allow only public key access which will make
: things more secure.
Completely agree. The only time I allow an ssh password entry is on a
new machine to which I will connect from another machine, both of
which are behind a firewall, and only when I first bring the new
system up. (It has no public key files at that point.) The first
thing I do is copy keys onto and then turn off password
authentication.
Besides, I don't think you can forward password credentials via
ssh-agent / ssh-add, only public key credentials. ssh agent
forwarding is one of the nicest features of public key authentication.
Dean
More information about the users
mailing list