Douglas Allan Tutty wrote in Article <[EMAIL PROTECTED]> posted to gmane.linux.debian.user:
> On Tue, Apr 24, 2007 at 03:16:47AM -0700, Paul Johnson wrote:
>> Douglas Allan Tutty wrote in Article <[EMAIL PROTECTED]> posted
>> to gmane.linux.debian.user:
>> >
>> It never hurts to have a border router between your network and the
>> Internet, with only the ports you intend to use forwarded to the
>> appropriate server.
>
> You wouldn't consider a firewall box hooked up to my analog modem
> overkill?

If you're on dialup, you're probably fine with just what you have. If you're on a dedicated connection, you should take a look at http://www.dd-wrt.org/ for the cheap way into a decent router.

>> >> > If ssh isn't even listening on external interfaces, does it matter
>> >> > if I allow root to ssh (useful for rsyncing backups between the
>> >> > boxes)?
>> >>
>> >> I would recommend against allowing root ssh just in case. It's not
>> >> that hard to sudo anyway.
>> >
>> > But then how do I rsync the backups? For example, if I make it so that
>> > group adm can read everything, and I'm in group adm, should I just
>> > rsync it with my user name? OTOH, doesn't having group adm able to
>> > read the backups cause a decrease in security? If someone then gets
>> > adm access, they can read everything in the backups.
>>
>> rsync and ssh aren't the same, so I'm a little confused where you're
>> coming from here.
>
> rsync uses ssh as the transport layer, similar to scp.

Interesting. I did not know that... for some reason, I thought it was in the rsh family...

> Yes, I _could_ set up an rsync daemon on each box but then everything is
> going over the network enclare.

I'm not sure which of my language skills failed me here... How do you say "enclare" in English?

--
Paul Johnson
Email and IM (XMPP & Google Talk): [EMAIL PROTECTED]
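
The thread turns on two sshd settings: which interfaces sshd listens on, and whether root may log in for rsync backups. The script below is an added example, not part of the original message, that reports both from an sshd_config file; the function names, the sample file and the ok/review verdict are assumptions made for illustration, and `forced-commands-only` is the sshd_config(5) value that permits root only with a key tied to a forced command.

```shell
#!/bin/sh
# Added example: report the two sshd_config settings debated in the thread.
# Assumptions: only the global section (before the first Match block) is read,
# and "Keyword value" syntax is used. sshd keeps the first value it sees for
# PermitRootLogin; every ListenAddress line counts.

# Print all global values of keyword $1 in file $2, one per line.
sshd_values() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }  # stop at the first Match block
        tolower($1) == want   { print $2 }
    ' "$2"
}

# Print "root=<value> listen=<scope> verdict=<ok|review>" for config file $1.
audit_sshd() {
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)
    if [ -z "$root" ]; then root=unset; fi
    listen=$(sshd_values ListenAddress "$1")
    scope=restricted
    # No ListenAddress at all means sshd binds every local address.
    if [ -z "$listen" ]; then scope=all; fi
    # Explicit wildcard binds (0.0.0.0, ::, [::]:port) also expose every interface.
    if printf '%s\n' "$listen" | grep -Eq '^(0\.0\.0\.0|::$|\[::\])'; then
        scope=all
    fi
    verdict=ok
    # Any other root-login value on a listener bound to all addresses is flagged.
    case $root in
        no|forced-commands-only) ;;
        *) if [ "$scope" = all ]; then verdict=review; fi ;;
    esac
    echo "root=$root listen=$scope verdict=$verdict"
}

# Constructed sample: LAN-only listener, root limited to key plus forced command.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from the thread
ListenAddress 192.168.1.10
PermitRootLogin forced-commands-only
EOF
audit_sshd "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration including defaults and is the authoritative check; the parser above only reads the file it is given.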