Hi!
I implemented an SSH connection from the outside to my intranet. This SSH requires a username and a password.
In terms of security, what is more secure: requiring authentication (username and password) or having the public key of each user that connects to our intranet in the authorized public key list (in this case there is no need for a username and password)?
In the second case there is no need for authentication and only the users which have the public keys in the list are allowed to enter my intranet.
Is this second solution a good solution, or does it bring other security problems?
Thanks.
--
Farewell.
"Keep your friends close, but your enemies closer."
"Do or do not. There is no try" - Yoda
João Reis
-------------------------------------------------------
Hey list,
On my box I have sendmail running. In order to use SMTP over SSL I run it
with stunnel in inetd:
smtps stream tcp nowait root /usr/local/sbin/stunnel stunnel -D 3 -p /usr/local/ssl/certs/stunnel.pem -r smtp
Further, I configured sendmail to use SMTP AUTH. Everything works perfectly.
But: smtps is on port 465. I configured my clients such that they use that
port. So far so good. But now port 25 can still be used to send email. I
could block it at the firewall but then I am not able to receive email any
more, because other mailservers are talking with me on that port. (right?)
Is there a solution that I can use SMTP over SSL and SMTP AUTH? Clients
should not be able to connect without SSL or SMTP AUTH!
Thanks
Raffy
-------------------------------------------------------
I upgraded to the new 8-8.2.3 bind version, but every morning the daemon
"named" is stopped. Is anyone trying to hack me?
I have a real IP and I'm doing hosting.
Thank you.
Nothing appears in the log.
--
www.geekcode.com
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/cc/e/it d++ s+:+ a-- C++$ UL+++$ E++ W+++$ w--- O----
M V- PS PE+++ Y+ PGP- t+ 5 X++ R tv+ b++ DI-- D+ G e++$
h! r++ y++
------END GEEK CODE BLOCK------
- Sometimes I think there is life on other planets, and sometimes I think
there is not. In either case, the conclusion is astonishing
(Carl Sagan)
-----------------------------------------------------------------
hi list,
in the last weeks i often got the syslog-message
that somebody wanted to update my bind-server
for somedomain which was of course denied by
my bind-system by default.
but:
are there any problems in the software i have
to think about with regard to a worst case
scenario...;-)
many thanks in advance,
bye
daniel
-------------------------------------------------------
hi2all,
Regarding the security applications and features included in the SuSE enterprise
edition, what does it have beyond the professional version?
Will any upgrade from the professional to the enterprise edition be available?
[ ]'s bacano
-------------------------------------------------------
When starting up the nfsserver under Kernel 2.4.2 I get the error message
lockdsvc : invalid argument. Searching the Internet (thanks Google!), I
found some messages in the linux-kernel mailing list that there is no need
to start rpc.lockd from the init scripts any more when using the 2.4.X
kernels as it is loaded automatically on mount. I commented out these lines
from /etc/rc.d/nfsserver:
checkproc -n lockd || \
/usr/sbin/rpc.lockd
and restarted the NFS server. The error is gone and so far everything
seems to work.
Two questions:
1) Am I inviting problems by commenting out these lines? Is there a
security issue?
2) If they are no longer needed, could SuSE please fix the scripts?
Thanks,
Avi
--
Avi Schwartz Get a Life,
avi(a)CFFtechnologies.com Get Linux!
-------------------------------------------------------
On Thu, 29 Mar 2001, you wrote:
> I am administering a system that needs access to certain ports, but I do
> not want to restrict access to these ports for these programs. The ports
> are 5555 and 7000. How do I do this so that it is still secure and won't
> create any security holes?
>
>
> thank you,
> michael
well who do u want to have access to the host (all? or single ips?)
when they are single ips u can use
ipchains -I input -p tcp -s thefromip -d yourinternetip portnumber -j ACCEPT
and after that
ipchains -A input -p tcp -s 0/0 -d urip port -j REJECT
then only the accepted ips can enter.. otherwise make sure u cant login to that
port using telnet etc (like an ftp server which u can access with telnet and
then turn it off (www.dutchriot.com))
hope that u have something about it
greetz
remko (NightWatcher IRCop(a)irc.quicknet.nl)
Security Admin / advisor
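
The allow-then-reject ordering described in the reply above, as an added example that is not part of the original thread: a small Python model of first-match chain evaluation showing why the ACCEPT rules have to sit ahead of the catch-all REJECT, and that ports without any rule fall through to the chain policy. The addresses are constructed documentation-range values and all function names are hypothetical.

```python
import ipaddress

# Constructed sample values (documentation address ranges); the ports are
# the two named in the thread.
ALLOWED = ["192.0.2.10/32", "198.51.100.0/24"]
PORTS = [5555, 7000]

def insert_rule(chain, src, port, target):
    """Model of `ipchains -I`: the rule goes to the head of the chain."""
    chain.insert(0, (ipaddress.ip_network(src), port, target))

def append_rule(chain, src, port, target):
    """Model of `ipchains -A`: the rule goes to the end of the chain."""
    chain.append((ipaddress.ip_network(src), port, target))

def decide(chain, src_ip, port, policy="ACCEPT"):
    """First matching rule wins; the chain policy applies if none match."""
    addr = ipaddress.ip_address(src_ip)
    for net, rule_port, target in chain:
        if port == rule_port and addr in net:
            return target
    return policy

def build_chain(allowed, ports):
    """Order from the reply: ACCEPTs inserted, catch-all REJECT appended."""
    chain = []
    for port in ports:
        for src in allowed:
            insert_rule(chain, src, port, "ACCEPT")
        append_rule(chain, "0.0.0.0/0", port, "REJECT")
    return chain

def build_chain_reject_first(allowed, ports):
    """Faulty variant: every rule appended, so REJECT shadows the ACCEPTs."""
    chain = []
    for port in ports:
        append_rule(chain, "0.0.0.0/0", port, "REJECT")
        for src in allowed:
            append_rule(chain, src, port, "ACCEPT")
    return chain

if __name__ == "__main__":
    good = build_chain(ALLOWED, PORTS)
    bad = build_chain_reject_first(ALLOWED, PORTS)
    for src, port in [("192.0.2.10", 5555), ("203.0.113.7", 7000), ("203.0.113.7", 22)]:
        print(src, port, "good:", decide(good, src, port), "bad:", decide(bad, src, port))
```

The last sample connection (port 22) matches no rule in either chain, so its fate is decided by the chain policy alone.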
-------------------------------------------------------
Hello List
I have a small network based on private IPs and have one
masquerading server.
I want to specify in the TCP options on the other machines the gateway
machine as a DNS server also.. Some abstraction..
I used to have named doing name caching for that. However
now I am trying to use SuSEFirewall (or even by hand) to do that work.
I mean.. All traffic from internal machines to the firewall's DNS port (53) be
automatically redirected (and masqueraded) to one DNS server of the ISP
(or both of those..)
I have a cable connection and a SuSE 7.1 FTP clean installation.
I believe it is SuSEfirewall 4.3 and kernel 2.4.2..
Is it possible? I've looked at the firewall's config and there are
two non-matching options: port redirection (No private ips) and local
port redirection (doesn't work!)
TIA
Diogo Quintela
/------------------------------------------------------------------
|| Diogo Bacelar Quintela
||-----------------------------------------------------------------
|| diogo.quintela(a)netcabo.pt // dbq(a)rnl.ist.utl.pt
||-----------------------------------------------------------------
|| PGP Public Key
|| http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x2099755D
\------------------------------------------------------------------