[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gpsd-dev] HOWTO: Security
From: |
Eric S. Raymond |
Subject: |
Re: [gpsd-dev] HOWTO: Security |
Date: |
Tue, 24 May 2016 18:49:29 -0400 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
Gary E. Miller <address@hidden>:
> Yo Eric!
>
> On Tue, 24 May 2016 18:03:51 -0400
> "Eric S. Raymond" <address@hidden> wrote:
>
> > > Or even disable password logins altogether and use ssh keys only.
> > > But that's not for the HOWTO's target audience, unfortunately.
> >
> > Actually ./clockbuilder --secure does exactly that. Gary's argument
> > is that the --secure step should be done first rather than last. It's
> > somewhat undermined by the fact that under his assumptions even that
> > isn't good enough.
>
> I do not want the best to be the enemy of the better. I'll settle for
> the next small improvement.
There's a simpler way. First step becomes changing the default-user
password using a local display and keyboard, *before* the Ethernet is
plugged in.
That really is airtight, unless you choose a password that's so weak
that it's early in a rainbow table and the cracker gets lucky before
the later point where you disable password tunneling entirely.
I didn't like what you were advocating before because it increased the
number of early by-hand steps a lot without actually plugging the hole,
just narrowing it a little. This I like better.
Interestingly enough, my wife Cathy came up with this one as I was explaining
the problem to her over dinner. Score one for sharp Philadelphia lawyers.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
signature.asc
Description: Digital signature
- Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up, (continued)
- Re: [gpsd-dev] Draft Stratum 1 Microserver HOWTO is up, Gary E. Miller, 2016/05/24
- [gpsd-dev] HOWTO: Security, Hal Murray, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Gary E. Miller, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Eric S. Raymond, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Gary E. Miller, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Paul Fertser, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Eric S. Raymond, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Gary E. Miller, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security,
Eric S. Raymond <=
- Re: [gpsd-dev] HOWTO: Security, Gary E. Miller, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Eric S. Raymond, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Kurt Roeckx, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Gary E. Miller, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Eric S. Raymond, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Hal Murray, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Eric S. Raymond, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Hal Murray, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Eric S. Raymond, 2016/05/24
- Re: [gpsd-dev] HOWTO: Security, Hal Murray, 2016/05/24