From owner-freebsd-security Thu Jan 20 7:40:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 7BD1115159 for ; Thu, 20 Jan 2000 07:40:08 -0800 (PST) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id KAA72710; Thu, 20 Jan 2000 10:44:18 -0500 (EST) (envelope-from cjc) Date: Thu, 20 Jan 2000 10:44:18 -0500 From: "Crist J. Clark" To: NoCoN FLiC Cc: jonf@revelex.com, freebsd-security@FreeBSD.ORG Subject: Re: ssh. Message-ID: <20000120104418.A72685@cc942873-a.ewndsr1.nj.home.com> Reply-To: cjclark@home.com References: <20000120093017.18539.qmail@hotmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <20000120093017.18539.qmail@hotmail.com>; from jslat@hotmail.com on Thu, Jan 20, 2000 at 09:30:17AM +0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Jan 20, 2000 at 09:30:17AM +0000, NoCoN FLiC wrote: > > > > >And someone who breaks in can easily fake that email. > > > >My personal solution (I know you are all dying for it)? > > > >Make sure root's .ssh directory is watched _very_ closely by > >Tripwire. Setup Tripewire to use read-only media (e.g. write > >protected floppy). > >-- > > For what need, would one have to even remotely Logon to the root account, > my advice to to not even have a ~/root/.ssh to begin with. > to me it's about as silly as ~/root/.rhosts. Automated dumps over the network is what I use it for. And before anyone says it, don't tell me to use Amanda unless you have very specific arguments why it would be any more secure than SSH. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message