Date: Thu, 20 Jan 2000 13:46:52 -0500 (EST) From: Robert Mooney <rmooney@iss.net> To: cjclark@home.com Cc: NoCoN FLiC <jslat@hotmail.com>, jonf@revelex.com, freebsd-security@FreeBSD.ORG Subject: Re: ssh. Message-ID: <Pine.LNX.3.95.1000120134203.10075E-100000@arden.iss.net> In-Reply-To: <20000120104418.A72685@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You don't have to use root for remote backups. Granted, if someone compromises your backup account, you're in serious trouble enough, assuming the account has read access to your drive devices. But it's still somewhat better than using root. On Thu, 20 Jan 2000, Crist J. Clark wrote: > On Thu, Jan 20, 2000 at 09:30:17AM +0000, NoCoN FLiC wrote: > > > > > > > >And someone who breaks in can easily fake that email. > > > > > >My personal solution (I know you are all dying for it)? > > > > > >Make sure root's .ssh directory is watched _very_ closely by > > >Tripwire. Setup Tripewire to use read-only media (e.g. write > > >protected floppy). > > >-- > > > > For what need, would one have to even remotely Logon to the root account, > > my advice to to not even have a ~/root/.ssh to begin with. > > to me it's about as silly as ~/root/.rhosts. > > Automated dumps over the network is what I use it for. > > And before anyone says it, don't tell me to use Amanda unless you have > very specific arguments why it would be any more secure than SSH. > -- > Crist J. Clark cjclark@home.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.95.1000120134203.10075E-100000>