Full Disclosure mailing list archives

Re: Re: Re: open telnet port


From: Dave Ewart <Dave.Ewart () cancer org uk>
Date: Thu, 9 Sep 2004 16:12:31 +0100

On Thursday, 09.09.2004 at 10:47 -0400, Kenneth Ng wrote:

> You really should not need this as the norm.  I do this when I'm
> working on the ssh daemons, but that's about the only time.  What I do
> is I enable it on a screwball port number, then use tcp wrappers to
> only allow access from my ip address and change the root password
> before I begin.  In that way the opening is there while I may need it,
> and if I use the temporary root password, it won't do them much good
> unless they compromise the host I'm coming from.  Afterwards I disable
> the service and change the root password back.
>
> If you need this on as the norm, please at least use TCP wrappers to
> limit from where it can be accessed, and change any used passwords
> immediately after reestablishing control.

Or, alternatively just use another SSH daemon or a different port and
not have to faff around with exposing passwords in the first place :-)

Dave.
-- 
Dave Ewart
Dave.Ewart () cancer org uk
Computing Manager, Epidemiology Unit, Oxford
Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
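
Added example (not part of the original thread) of the approach in the reply above: a second, key-only sshd on an alternate port, so that no password is exposed while the main daemon is being worked on. The port, address, user name and file paths are constructed placeholders, and `AllowUsers user@address` is used here as the source restriction in place of TCP wrappers.

```shell
#!/bin/sh
# Added example: temporary key-only maintenance sshd on an alternate port.
# Port, address, user and paths are constructed placeholders.
MAINT_PID=/var/run/sshd-maint.pid

# Write a minimal config for the maintenance instance.
# $1 = output file, $2 = port, $3 = admin source address, $4 = admin user
write_maint_config() {
    cfg=$1; port=$2; admin_ip=$3; admin_user=$4
    # Port must be a plain number in the unprivileged range.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    # Digits, hex letters, dots and colons only, so no wildcard patterns.
    case $admin_ip in ''|*[!0-9a-fA-F.:]*)
        echo "bad address: $admin_ip" >&2; return 1 ;; esac
    case $admin_user in ''|*[!A-Za-z0-9_-]*)
        echo "bad user: $admin_user" >&2; return 1 ;; esac
    # Write with a restrictive umask without changing the caller's.
    ( umask 077; cat > "$cfg" ) <<EOF
Port $port
PidFile $MAINT_PID
PasswordAuthentication no
AuthenticationMethods publickey
PermitRootLogin prohibit-password
AllowUsers ${admin_user}@${admin_ip}
EOF
}

# Validate the config, then start the extra daemon; the main sshd is untouched.
start_maint_sshd() {
    sshd_bin=$(command -v sshd) || { echo "sshd not found" >&2; return 1; }
    "$sshd_bin" -t -f "$1" || return 1
    "$sshd_bin" -f "$1"
}

# Stop the maintenance daemon once the main sshd is confirmed working.
stop_maint_sshd() {
    kill "$(cat "$MAINT_PID")"
}

# Usage (as root):
#   write_maint_config /etc/ssh/sshd_maint_config 2222 192.0.2.10 admin
#   start_maint_sshd /etc/ssh/sshd_maint_config
#   ... work on the main daemon, then: stop_maint_sshd
```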

