[Wylug-help] Smoothwall with UPS
Frank Shute
Frank Shute <frank at esperance-linux.co.uk>
Fri, 31 Jan 2003 11:17:46 +0000
On Fri, Jan 31, 2003 at 10:26:00AM +0000, Phil Driscoll wrote:
>
> On Friday 31 January 2003 8:57 am, Gary Stainburn wrote:
> > Probably the best/simples idea is to have your server simply ssh a shutdown
> > command to the smoothie.
> >
> Thanks Gary.
> I'd toyed with that one (in fact I actually got it going), but every document
> I read on the subject says to avoid passphrase-less ssh if at all possible,
> and I guess I ought to be paranoid since this is my firewall.
>
I don't know what's so dangerous about passwordless ssh, AFAIK in
order to crack it you need a recognised key and you'd have to spoof
the IP address of the client. I'm sure you're aware of the OpenSSH
vulnerability a while back:
http://www.kb.cert.org/vuls/id/389665
If you're really paranoid use OpenBSD and ssh over IPsec ....and ssh
with a password using `expect' ;)
I've got my misgivings about Smoothwall as it happens.
OpenBSD has new security features in CURRENT:
http://bsd.slashdot.org/bsd/03/01/31/0033236.shtml?tid=122&tid=172
--
Frank
*-*-*-*-*-*-*-*-*-*-*
Boroughbridge.
Tel: 01423 323019
---------
PGP keyID: 0xC0B341A3
*-*-*-*-*-*-*-*-*-*-*
http://www.esperance-linux.co.uk/
Call yourself a computer professional? Congratulations. You are
responsible for the imminent collapse of civilization.
- Michael Bacarella