Robert Brockway wrote:
The key is that the console server should be no less secure than the
servers who's consoles it has. This is because if someone takes control
of the console server it is only a matter of time before they gain access
to the other boxes. Usually this isn't a big deal as a fulltime console
server would not run any services and would allow access via ssh with PKI
authentication only.
Regarding PKI, are there any Debian or non-Debian packages you recommend
for this use? Can you elaborate on your reasoning here, for a non-expert in
security, or at least point to some links? I am particularly interested in
why you think PKI is better than the plain ssh password/login procedure
for this application, and how you keep your keys secure (i.e. thumb drive?
Floppy? Theft issues?)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
