How do I gracefully exit/shutdown a "remote" machine?

CLIFFORD ILKAY clifford_ilkay-biY6FKoJMRdBDgjK7y7TUQ at public.gmane.org
Thu Jul 21 02:45:17 UTC 2005 

On July 20, 2005 19:06, William Park wrote:
> On Wed, Jul 20, 2005 at 05:53:32PM -0400, Henry Spencer wrote:
> > On Wed, 20 Jul 2005, CLIFFORD ILKAY wrote:
> > > > ...direct root login can be very convenient for administering
> > > > machines on a seriously-private network, but...
> > >
> > > I disable remote root access on all my machines. How about
> > > disallowing password auth completely and only allowing key
> > > based auth?
> >
> > Crypto authentication -- of both machines and users -- is
> > definitely the way to go if you're going to allow direct root
> > login, and there is much to be said for it in general.
> >
> > (Knowing the root password on my secondary machines wouldn't help
> > you, because it doesn't get you in.  Either the machine already
> > knows who a remote user is and where he's calling from, by crypto
> > authentication, and thus doesn't need to ask for a password, or
> > it doesn't know, and will reject the connection without ever
> > prompting for a password.)
>
> Henry and Clifford,
>
> This issue is my pet peeve, partly because most people simply buys
> the hype because it's in the news.  I do password access only (ie.
> disable key encryption) for all machine access, and do file
> encryption if it's sensitive.  Main reason is that computers get
> stolen.
>
> How would you counter this point?  If you have a machine in
> Waterloo, and your Toronto workstation is stolen.  No one in
> Waterloo knows you, and your car is in garage for a week.  What do
> you do?

Even if someone managed to steal my private RSA key, it would not do 
him much good as I have a very strong pass book, err, phrase on it. 
Nonetheless, if a machine with my private key on it got stolen, I 
would assume that all keys are compromised and remove the public keys 
from all the servers that I have put them on immediately and replace 
them with new keys.
-- 
Regards,

Clifford Ilkay
Dinamis Corporation
3266 Yonge Street, Suite 1419
Toronto, ON
Canada  M4N 3P6

+1 416-410-3326
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list