Re: Locking down ssh config in large env

• Previous message: Mordread Wallas: "Fwd: scp encryption"
• Maybe in reply to: lonely wolf: "Re: Locking down ssh config in large env"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: secureshell@securityfocus.com
Date: Fri, 1 Oct 2004 12:08:46 +0300 (EEST)

Michael Shirk (Shirkdog) wrote:

> Thanks for fixing my error. (It is nice when people understand you when you type silly things :-)

No problem. BTW Your lines are not word wrapped and all your lines end
with over 200 spaces. It is annoying.

> I found the same info as you on chattr (well, use ext2 LOL).

You have to expand this a bit further to appreciate its real impact.

I think you meant to say "first of all, ditch IRIX for Linux on your
128-CPU SGI Origin 2000 cluster and Solaris for Linux on your Sun
E10000... if you're still running at all, ditch all journaling file-
systems for an old-fashioned filesystem that needs to be checked
painstakingly every so often, taking hours to do the check at bootup".

> But there has to be a way to protect that file from modification.

There isn't. There certainly isn't a universal way of doing it.
Even if there was a way, universal or not, it would not help as long
as users can bring in their own binaries that call ".ssh" something
different altogether.

-- 
Atro Tossavainen (Mr.)               / The Institute of Biotechnology at
Systems Analyst, Techno-Amish &     / the University of Helsinki, Finland,
+358-9-19158939  UNIX Dinosaur     / employs me, but my opinions are my own.
< URL : http : / / www . helsinki . fi / %7E atossava / > NO FILE ATTACHMENTS

• Previous message: Mordread Wallas: "Fwd: scp encryption"
• Maybe in reply to: lonely wolf: "Re: Locking down ssh config in large env"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]