From owner-freebsd-security Thu Jan 20 10:47:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from loki.iss.net (loki.iss.net [208.21.0.3]) by hub.freebsd.org (Postfix) with ESMTP id 6876D14D1A for ; Thu, 20 Jan 2000 10:47:14 -0800 (PST) (envelope-from rmooney@iss.net) Received: from arden.iss.net (IDENT:rmooney@arden.iss.net [208.27.172.3]) by loki.iss.net (8.9.3/8.9.3) with SMTP id NAA08122; Thu, 20 Jan 2000 13:46:52 -0500 Date: Thu, 20 Jan 2000 13:46:52 -0500 (EST) From: Robert Mooney To: cjclark@home.com Cc: NoCoN FLiC , jonf@revelex.com, freebsd-security@FreeBSD.ORG Subject: Re: ssh. In-Reply-To: <20000120104418.A72685@cc942873-a.ewndsr1.nj.home.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You don't have to use root for remote backups. Granted, if someone compromises your backup account, you're in serious trouble enough, assuming the account has read access to your drive devices. But it's still somewhat better than using root. On Thu, 20 Jan 2000, Crist J. Clark wrote: > On Thu, Jan 20, 2000 at 09:30:17AM +0000, NoCoN FLiC wrote: > > > > > > > >And someone who breaks in can easily fake that email. > > > > > >My personal solution (I know you are all dying for it)? > > > > > >Make sure root's .ssh directory is watched _very_ closely by > > >Tripwire. Setup Tripewire to use read-only media (e.g. write > > >protected floppy). > > >-- > > > > For what need, would one have to even remotely Logon to the root account, > > my advice to to not even have a ~/root/.ssh to begin with. > > to me it's about as silly as ~/root/.rhosts. > > Automated dumps over the network is what I use it for. > > And before anyone says it, don't tell me to use Amanda unless you have > very specific arguments why it would be any more secure than SSH. > -- > Crist J. Clark cjclark@home.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message