On Sunday 29 September 2002 07:49 pm, Ben Rosenberg wrote:
just because one pkg that the others use is broken. If your associate has any clue about security then he has set up privsep and runs all of the ssh connections in a chrooted environment, which is the prudent thing to do. OpenSSH and OpenSSL are not at issue here. The air between the keyboard and the chair is. A competent admin keeps abreast of what's going on and tries to keep the system as safe as possible. Nothing is sure
Actually, I would disagree that this is ideal. If you chroot SSH then you can't log into the system remotely and execute anything without adding it to the chrooted environment. I agree that most other daemons should be run this way, but SSH isn't the best daemon to run this way. Now, if you mean creating chrooted users, that is different. The problem with these ideas, though, is that most "servers" are remotely administrated, and chrooting ssh means you have to set up another method to gain root, which sort of defeats the purpose of a chrooted environment. Your best choices here are to firewall your environment so that only "trusted" systems can reach it. You should also ensure that your security tools are the most recent versions available, regardless of what versions SuSE or anyone else is distributing.
fire as far as security except removing the CDROM, floppy drive, network cable and basically shutting the machine off. If there is a problem then a cracker will find it. But keeping up on such things makes it a little bit better.
This is true: there is no true way to be secure while you are connected; all you can do is make yourself less of a target than everyone else.