[lug] Firewall / Lockdown questions
dio2002 at indra.com
dio2002 at indra.com
Wed Aug 1 01:57:49 MDT 2007
> A whole article in and of itself. X Forwarding yes/no?
No
> So called
> "passwordless" SSH with keys pre-exchanged, yes/no.
I've read different things about that which seem to say passwordless is
the most secure. but it looks like you have to be really careful about
setting it up and it probably can become an admin nightmare the more login
accounts you have.
so i'm leaning against no passwords and towards very limited login /
password access (with strong passwords) for certain users only. which i
would then lock down further by ip.
> Allow root > logins, yes/no? (that one can almost always be a no, and
probably should be the default, but rarely is)
nada. su from a limited ssh account only.
> Etc etc etc. Lots of articles
I know... that's the problem ;-)
More information about the LUG
mailing list