 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
miah <jjohnson at sunrise-linux.com> writes:
> You keep your ssh key on your firewall? Sounds like a bad idea to me,
Of course.. The SSH Server key. It's not a bad idea -- it's the only
way to get secure service! I've also got a Kerberos Keytab on the
box, but that's relatively easy to replace (as is the SSH key),
frankly.
> ipsec, you have to, but you can issue a new key easily, so its not a
> big deal.
"not a big deal"? It's still a pain. I have to contact each of my
ipsec peers and get THEM to reconfigure with my new key.. I have to
go to all the ssh clients and fix their .ssh/known_hosts files.
Rekeying is not a 2-second process. It's not even a 2-minute process.
It can take hours.
Quite a pain.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
