Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org

savannah-hackers-public

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org

From:	Jim Meyering
Subject:	Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade
Date:	Mon, 21 Feb 2011 10:54:24 +0100

Bernie Innocenti wrote:
...
>> I'd go with fwknop:
>>
>>     http://www.cipherdyne.org/fwknop/docs/SPA.html
>>
>> i.e., keep the ssh port closed, and open it momentarily only upon
>> receipt of a packet whose contents is GPG signed by someone we'd let in.
>
> This is a valid defense line only for automated scanners. It doesn't
> address the original problem (one of the authorized keys leaking).

??
Sure it does.  It adds a layer.
With it, an attacker needs both GPG *and* ssh keys.

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Sylvain Beucler, 2011/02/16
- Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/16
  - Message not available
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Sylvain Beucler, 2011/02/20
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/20
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/20
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/20
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering <=
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/21
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/21
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/21
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/21
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/21
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/21
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Bernie Innocenti, 2011/02/21
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/22
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Michael J. Flickinger, 2011/02/22
    - Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade, Jim Meyering, 2011/02/22

Prev by Date: [Savannah-hackers-public] Bazaar server on savannah
Next by Date: Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade
Previous by thread: Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade
Next by thread: Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade
Index(es):
- Date
- Thread