On Fri, 02 May 2003 at 06:20:58PM +0200, Peter Ondraska wrote:
> Doesn't TCP/IP have only at most 4 layers?
In the OSI model there are 7 Layers. TCP/IP takes up only two of them
(3 & 4).
Layer 1 - Physical - Cat5, Fiber, etc.
Layer 2 - Datalink - Ethernet, FDDI, etc.
Layer 3 - Network - IP, IPX,
Hans van Leeuwen <[EMAIL PROTECTED]> wrote:
> Hello,
>
> My company has created an application that allows remote users to edit
> their DNS-records. This app needs to restart bind on the remote nameservers.
This is a poor way to do dynamic DNS.
> I have decided to do this through SSH by putting t
On Fri, May 02, 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote:
> My company has created an application that allows remote users to edit
> their DNS-records. This app needs to restart bind on the remote nameservers.
bind never needs to be restarted, use rndc or dns updates with key.
bastian
-
On Fri, 2 May 2003, Phillip Hofmeister wrote:
> On Fri, 02 May 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote:
> > I have decided to do this through SSH by putting the client key in
> > authorized_keys2. But this seems a little risky, so I was wondering if
> > it was possible to get sshd to on
On Fri, 02 May 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote:
> I have decided to do this through SSH by putting the client key in
> authorized_keys2. But this seems a little risky, so I was wondering if
> it was possible to get sshd to only allow the client MAC-address.
SSHD cannot do what you
Oliver Hitz wrote:
It is also possible to further restrict this connection. Something
like
command="/etc/init.d/bind restart",from="..." ssh-rsa ...
This does the job. Only I execute 'bind restart' through a small C-program
with a suid-bit.
Thanks for the help everybody!
Hans
On Fri May 02, 2003 at 02:34:17PM +0200, Oliver Hitz wrote:
> On 02 May 2003, Hans van Leeuwen wrote:
> > I have decided to do this through SSH by putting the client key in
> > authorized_keys2. But this seems a little risky, so I was wondering if
> > it was possible to get sshd to only allow the c
On 02 May 2003, Hans van Leeuwen wrote:
> I have decided to do this through SSH by putting the client key in
> authorized_keys2. But this seems a little risky, so I was wondering if
> it was possible to get sshd to only allow the client MAC-address.
If these remote users always connect from the sa
Danny De Cock wrote:
hi,
using mac addresses for client authentication seems to me as an extremely
risky business as a mac address can easily be copied/cloned/spoofed...
imho, it does not offer any authentication at all...
I understand that MAC-addresses can be spoofed, but I thought I would
Kay-Michael Voit wrote:
did you consider just to block other mac-addresses through iptables?
Yes, but the MAC should just be checked for one specific user.
but... i don't know, what you are doing there, but are you sure you
want to grant every user ssh acces
No, just one user with limited ri
DDC> using mac addresses for client authentication seems to me as an extremely
DDC> risky business as a mac address can easily be copied/cloned/spoofed...
DDC> imho, it does not offer any authentication at all...
i understood it as additional security to certificates or passwords (more like
secu
Hello,
are you really sure, that your dns server and all customers are located
in the same ip subnet? Authentication via the mac address of your
internet router does not seem to be a very secure idea... ;)
achim
--
Demokratie beruht auf drei Prinzipien: auf der Freiheit des Gewissens,
auf der Fre
Hans van Leeuwen <[EMAIL PROTECTED]> writes:
> My company has created an application that allows remote users to
> edit their DNS-records. This app needs to restart bind on the remote
> nameservers.
I think this is the wrong solution. A better idea is a cron job on
the nameserver periodically rel
did you consider just to block other mac-addresses through iptables?
but... i don't know, what you are doing there, but are you sure you
want to grant every user ssh access?
i assume you need to be root for this? how are you going to solve it
over ssh? and how do you prevent users from just shuttin
hi,
using mac addresses for client authentication seems to me as an extremely
risky business as a mac address can easily be copied/cloned/spoofed...
imho, it does not offer any authentication at all...
g.
On Fri, 2 May 2003, Hans van Leeuwen wrote:
> Hello,
>
> My company has created an applica
Hello,
My company has created an application that allows remote users to edit
their DNS-records. This app needs to restart bind on the remote nameservers.
I have decided to do this through SSH by putting the client key in
authorized_keys2. But this seems a little risky, so I was wondering if
i