[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Re: [ #670138]

From: Jim Meyering
Subject: Re: [Savannah-hackers-public] Re: [ #670138] Dom0 upgrade
Date: Mon, 21 Feb 2011 10:54:24 +0100

Bernie Innocenti wrote:
>> I'd go with fwknop:
>> i.e., keep the ssh port closed, and open it momentarily only upon
>> receipt of a packet whose contents is GPG signed by someone we'd let in.
> This is a valid defense line only for automated scanners. It doesn't
> address the original problem (one of the authorized keys leaking).

Sure it does.  It adds a layer.
With it, an attacker needs both GPG *and* ssh keys.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]