SYSTEM:

(1) firewall/router (SmoothWall Express 2.0) which (using NAT) provides and protects both a "green" zone for a LAN and an "orange" zone ("DMZ") for a publicly-accessible server
(2) ftp or http server in the DMZ
(3) desktop machine in the LAN from which the sysop maintains the server

SITUATION: It is convenient to use "scp" for transferring files between the desktop machine in the LAN and the server, and to use "ssh" for remote maintenance of the server, again from the desktop machine in the LAN. And to eliminate the constant typing of a password, ssh-agent can be installed. Such remote maintenance of the server from a machine in the LAN becomes tedious unless there is on each machine an account with the same username, password, and passphrase.

QUESTION: Is there a major or unreasonable security risk if the sysop creates on the server an account with the same username, password, and passphrase as his account on the desktop machine? That is, if the server is compromised, should the sysop change his password, passphrase, etc.? If so, what is the recommended alternative? Is there a HOWTO on this subject?

RLH