How do I gracefully exit/shutdown a "remote" machine?
CLIFFORD ILKAY
clifford_ilkay-biY6FKoJMRdBDgjK7y7TUQ at public.gmane.org
Thu Jul 21 02:45:17 UTC 2005
On July 20, 2005 19:06, William Park wrote:
> On Wed, Jul 20, 2005 at 05:53:32PM -0400, Henry Spencer wrote:
> > On Wed, 20 Jul 2005, CLIFFORD ILKAY wrote:
> > > > ...direct root login can be very convenient for administering
> > > > machines on a seriously-private network, but...
> > >
> > > I disable remote root access on all my machines. How about
> > > disallowing password auth completely and only allowing key
> > > based auth?
> >
> > Crypto authentication -- of both machines and users -- is
> > definitely the way to go if you're going to allow direct root
> > login, and there is much to be said for it in general.
> >
> > (Knowing the root password on my secondary machines wouldn't help
> > you, because it doesn't get you in. Either the machine already
> > knows who a remote user is and where he's calling from, by crypto
> > authentication, and thus doesn't need to ask for a password, or
> > it doesn't know, and will reject the connection without ever
> > prompting for a password.)
>
> Henry and Clifford,
>
> This issue is my pet peeve, partly because most people simply buy
> the hype because it's in the news. I do password access only (i.e.
> disable key encryption) for all machine access, and do file
> encryption if it's sensitive. Main reason is that computers get
> stolen.
>
> How would you counter this point? If you have a machine in
> Waterloo, and your Toronto workstation is stolen. No one in
> Waterloo knows you, and your car is in the garage for a week. What do
> you do?
Even if someone managed to steal my private RSA key, it would not do
him much good as I have a very strong pass book, err, phrase on it.
Nonetheless, if a machine with my private key on it got stolen, I
would assume that all keys are compromised and remove the public keys
from all the servers that I have put them on immediately and replace
them with new keys.
--
Regards,
Clifford Ilkay
Dinamis Corporation
3266 Yonge Street, Suite 1419
Toronto, ON
Canada M4N 3P6
+1 416-410-3326
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
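
The key-removal step described in the message above, sketched as an added example (not part of the original post or the list archive). The function names `key_blob`, `revoke_key` and `demo` are hypothetical, and the key blobs in the sample are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: revoke one public key from an authorized_keys file.
# Entries are matched on the base64 key blob, so a line that carries an
# options prefix (from="...") or a different comment is still removed.

# key_blob LINE: print the base64 blob, i.e. the field after the key type.
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) { print $(i + 1); exit }
    }'
}

# revoke_key FILE PUBKEY_LINE: rewrite FILE without matching entries,
# keep FILE.bak, print how many entries were removed.
revoke_key() {
    file=$1
    blob=$(key_blob "$2")
    [ -n "$blob" ] || { echo "no key blob in input" >&2; return 2; }
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    cp -p "$file" "${file}.bak" || return 1
    removed=$(awk -v blob="$blob" -v out="$tmp" '
        { hit = 0
          for (i = 1; i <= NF; i++) if ($i == blob) hit = 1
          if (hit) n++; else print > out }
        END { print n + 0 }' "$file") || return 1
    chmod 600 "$tmp" && mv "$tmp" "$file" || return 1
    echo "$removed"
}

# demo: constructed authorized_keys (blobs are placeholders, not real keys).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/authorized_keys" <<'EOF'
# constructed sample entries
ssh-rsa AAAAB3PLACEHOLDERstolen user@stolen-workstation
from="10.0.0.0/8" ssh-rsa AAAAB3PLACEHOLDERstolen backup-job
ssh-rsa AAAAB3PLACEHOLDERother user@laptop
EOF
    revoke_key "$dir/authorized_keys" "ssh-rsa AAAAB3PLACEHOLDERstolen old-key"
    grep -c 'ssh-rsa' "$dir/authorized_keys"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run with the argument `demo` to see the constructed file reduced from three key entries to one. On a real server the same function would be pointed at each account's `~/.ssh/authorized_keys` before the replacement public key is appended.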