[ale] remote iptables administration

Jason Day jasonday at worldnet.att.net
Wed Oct 8 14:01:13 EDT 2003


On Wed, Oct 08, 2003 at 12:42:06PM -0400, Dan Newcombe wrote:
> I guess that's what I meant...I thought that the host based authentication
> in ssh used the keys as opposed to just imitating what rsh did.

There are really two kinds of host based authentication that ssh can do
(and I didn't realize this when I sent the last message).  The first
kind is essentially the same as rsh, using /etc/hosts.equiv, ~/.rhosts,
or ~/.shosts.  The second kind additionally requires the server to
verify the client's host key.  So that would also protect against
spoofing the client hostname or IP.

Additionally, there is RSA authentication, which *could* be slightly
more secure than the host-based plus host-key method.  I say "could be"
because if you use RSA public-key authentication, you can still use a
strong passphrase for your private key, and use an auth agent to get
automated logins.  This will offer some protection if a client is ever
compromised and the private key recovered.

For what you want to do, though, host-based plus host-key will probably
be good enough.

Jason
-- 
Jason Day                                       jasonday at
http://jasonday.home.att.net                    worldnet dot att dot net
 
"Of course I'm paranoid, everyone is trying to kill me."
    -- Weyoun-6, Star Trek: Deep Space 9
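
The login methods described in the message above map onto sshd_config keywords. The following is an added example, not part of the original post, that reports which of them a given configuration enables. The keyword names are OpenSSH options (RhostsAuthentication and RhostsRSAAuthentication are the protocol 1 forms, HostbasedAuthentication the protocol 2 form); the defaults table and the sample configurations are assumptions constructed for illustration.

```python
import re

# Assumed defaults for keywords the file does not set.
DEFAULTS = {
    "rhostsauthentication": "no",
    "rhostsrsaauthentication": "no",
    "hostbasedauthentication": "no",
    "pubkeyauthentication": "yes",
}

def parse_sshd_config(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            break  # conditional blocks are out of scope here
        settings.setdefault(key, value)  # sshd keeps the first value it sees
    return settings

def classify(text):
    """List which of the login methods from the message a config enables."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    methods = []
    if cfg["rhostsauthentication"] == "yes":
        methods.append("rhosts-only")        # rsh-style: trusts name/IP alone
    if "yes" in (cfg["rhostsrsaauthentication"], cfg["hostbasedauthentication"]):
        methods.append("hostbased+hostkey")  # server also verifies client host key
    if cfg["pubkeyauthentication"] == "yes":
        methods.append("public-key")         # per-user key, optional passphrase
    return methods

# Constructed sample configurations.
RSH_STYLE = "RhostsAuthentication yes\nPubkeyAuthentication no\n"
HOST_KEY = """# first occurrence wins, so the second line is ignored
HostbasedAuthentication yes
hostbasedauthentication no
PubkeyAuthentication no
"""

if __name__ == "__main__":
    for name, conf in [("rsh-style", RSH_STYLE), ("host-key", HOST_KEY)]:
        print(name, classify(conf))
```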


