[Wylug-help] Smoothwall with UPS

[Phil Driscoll]

On Friday 31 January 2003 11:17 am, Frank Shute wrote:

>I've got my misgivings about Smoothwall as it happens.
I'm sure that nothing is perfect, but I've added Tripwire to my Smoothwall =
1.0
setup and it seems to be doing a good job so far :)

> I don't know what's so dangerous about passwordless ssh, AFAIK in
> order to crack it you need a recognised key and you'd have to spoof
> the IP address of the client.

>From the o'reilly 'ssh snailbook' faq:

 Regarding Plaintext (=3D unencrypted =3D "no-passphrase") Keys

 DON'T USE THEM.
 It is very common to see people giving out advice like this:  "Oh, automat=
ic
 login with SSH is easy - just get rid of that pesky  passphrase! Type when
 ssh-keygen prompts for a passphrase, and voil=E0!"

 This will indeed work. However, it is equivalent to placing your account
 password in a file in your home directory named PLEASE-STEAL-MY-PASSWORD.T=
XT,
 doing chmod 600, and feeling very secure.

Thanks to all for advice on this, but I've decided to ignore it all :) and =
run
a script to fake a post to the internal smoothwall web interface as though =
I
had clicked on the smoothwall button. This is the only solution so far whic=
h
doesn't require me to do something to the smoothwall box to reduce (however
slightly) its security, given that I would be using the web interface on my
internal network anyway.

Cheers
--
Phil Driscoll