Bootable CD w/OS for firewall
Derek Atkins
warlord at MIT.EDU
Wed Sep 15 10:04:00 EDT 2004
miah <jjohnson at sunrise-linux.com> writes:
> You keep your ssh key on your firewall? Sounds like a bad idea to me,
Of course.. The SSH Server key. It's not a bad idea -- it's the only
way to get secure service! I've also got a Kerberos Keytab on the
box, but that's relatively easy to replace (as is the SSH key),
frankly.
> ipsec, you have to, but you can issue a new key easily, so it's not a
> big deal.
"not a big deal"? It's still a pain. I have to contact each of my
ipsec peers and get THEM to reconfigure with my new key.. I have to
go to all the ssh clients and fix their .ssh/known_hosts files.
Rekeying is not a 2-second process. It's not even a 2-minute process.
It can take hours.
Quite a pain.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available