On Tue, Apr 24, 2007 at 03:16:47AM -0700, Paul Johnson wrote: > Douglas Allan Tutty wrote in Article <[EMAIL PROTECTED]> posted to > gmane.linux.debian.user: > > It never hurts to have a border router between your network and the > Internet, with only the ports you intend to use forwarded to the > appropriate server.
You wouldn't consider a firewall box hooked up to my analog modem overkill? > > >> > If ssh isn't even listening on external interfaces, does it matter if I > >> > allow root to ssh (useful for rsyncing backups between the boxes)? > >> > >> I would recommend against allowing root ssh just in case. It's not that > >> hard to sudo anyway. > > > > But then how do I rsync the backups? For example, if I make it so that > > group adm can read everything, and I'm in group adm, should I just rsync > > it with my user name? OTOH, doesn't having group adm able to read the > > backups cause a decrease in security? If someone then gets adm access, > > they can read everything in the backups. > > rsync and ssh aren't the same, so I'm a little confused where you're coming > from here. rsync uses ssh as the transport layer, similar to scp. Yes, I _could_ set up an rsync daemon on each box but then everything is going over the network enclare. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
