savannah-hackers-public

Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org


From: Jim Meyering
Subject: Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade
Date: Mon, 21 Feb 2011 10:54:24 +0100

Bernie Innocenti wrote:
...
>> I'd go with fwknop:
>>
>>     http://www.cipherdyne.org/fwknop/docs/SPA.html
>>
>> i.e., keep the ssh port closed, and open it momentarily only upon
>> receipt of a packet whose contents are GPG signed by someone we'd let in.
>
> This is a valid defense line only for automated scanners. It doesn't
> address the original problem (one of the authorized keys leaking).

??
Sure it does.  It adds a layer.
With it, an attacker needs both GPG *and* ssh keys.
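
The layering argument in this exchange can be shown with a small model. This is an added example, not part of the original message and not fwknop's code: an HMAC-SHA256 tag stands in for the GPG signature, and all names, keys and addresses are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

OPEN_SECONDS = 30   # assumed: how long the ssh port stays open after a valid packet
MAX_SKEW = 60       # assumed: maximum accepted clock difference, in seconds

def make_spa(key, user, now, nonce=None):
    """Client side: nonce | timestamp | user, followed by a MAC over all three."""
    body = (nonce or os.urandom(16)) + struct.pack(">Q", now) + user.encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()

class SpaGate:
    """Server side: the ssh port is closed for every source until a packet verifies."""
    def __init__(self, spa_keys):
        self.spa_keys = spa_keys    # user -> SPA key (stand-in for a GPG public key)
        self.seen = set()           # nonces already accepted, for replay rejection
        self.open_until = {}        # source address -> time the port closes again

    def receive(self, src, packet, now):
        if len(packet) < 16 + 8 + 1 + 32:
            return False
        body, tag = packet[:-32], packet[-32:]
        nonce, (ts,) = body[:16], struct.unpack(">Q", body[16:24])
        key = self.spa_keys.get(body[24:].decode("utf-8", "replace"))
        if key is None:
            return False
        if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            return False
        if abs(now - ts) > MAX_SKEW or nonce in self.seen:
            return False
        self.seen.add(nonce)
        self.open_until[src] = now + OPEN_SECONDS
        return True

    def port_open(self, src, now):
        return now < self.open_until.get(src, 0)

def ssh_login(gate, authorized_keys, src, ssh_key, now):
    """Second layer: sshd is only reachable while the gate has the port open for src."""
    return gate.port_open(src, now) and ssh_key in authorized_keys

if __name__ == "__main__":
    gate = SpaGate({"alice": b"constructed-spa-key"})
    authorized = {"constructed-ssh-key"}
    # Leaked ssh key alone, no valid SPA packet: the port never opens.
    print(ssh_login(gate, authorized, "198.51.100.7", "constructed-ssh-key", 1000))
    gate.receive("192.0.2.10", make_spa(b"constructed-spa-key", "alice", 1000), 1000)
    print(ssh_login(gate, authorized, "192.0.2.10", "constructed-ssh-key", 1005))
```

The timestamp and nonce checks matter as much as the signature check: without them, a captured packet could be resent to reopen the port.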


