How do I gracefully exit/shutdown a "remote" machine?
William Park
opengeometry-FFYn/CNdgSA at public.gmane.org
Wed Jul 20 23:06:12 UTC 2005
On Wed, Jul 20, 2005 at 05:53:32PM -0400, Henry Spencer wrote:
> On Wed, 20 Jul 2005, CLIFFORD ILKAY wrote:
> > > ...direct root login can be very convenient for administering
> > > machines on a seriously-private network, but...
> >
> > I disable remote root access on all my machines. How about
> > disallowing password auth completely and only allowing key based
> > auth?
>
> Crypto authentication -- of both machines and users -- is definitely
> the way to go if you're going to allow direct root login, and there is
> much to be said for it in general.
>
> (Knowing the root password on my secondary machines wouldn't help you,
> because it doesn't get you in. Either the machine already knows who a
> remote user is and where he's calling from, by crypto authentication,
> and thus doesn't need to ask for a password, or it doesn't know, and
> will reject the connection without ever prompting for a password.)
Henry and Clifford,
This issue is my pet peeve, partly because most people simply buys the
hype because it's in the news. I do password access only (ie. disable
key encryption) for all machine access, and do file encryption if it's
sensitive. Main reason is that computers get stolen.
How would you counter this point? If you have a machine in Waterloo,
and your Toronto workstation is stolen. No one in Waterloo knows you,
and your car is in garage for a week. What do you do?
--
William Park <opengeometry-FFYn/CNdgSA at public.gmane.org>, Toronto, Canada
ThinFlash: Linux thin-client on USB key (flash) drive
http://home.eol.ca/~parkw/thinflash.html
BashDiff: Super Bash shell
http://freshmeat.net/projects/bashdiff/
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list