[nycbug-talk] SANS ISC post on SSH

George Georgalis george at galis.org
Wed Feb 6 12:02:14 EST 2008


On Wed, Feb 06, 2008 at 11:24:19AM -0500, Jesse Callaway wrote:
>I'm particularly interested in the authorized_keys file use he
>mentions. I saw this while trying to set up some automated /etc
>backups. I am STILL setting it up because of not being able to rest
>regarding the automation and root access over the net.

while not fool proof, one thing that can be done is run cron
from an ssh-agent environment where your passphrase has been
manually added. in any event I tend to keep the "SOA" in mind.
Hosts that establish connections have greater value and security
than hosts that receive them. eg never connect to a secure host
from an insecure one, always make ssh a one way street.

// George


-- 
George Georgalis, information system scientist <IXOYE><



More information about the talk mailing list