From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-69616-garchives=archives.gentoo.org@gentoo.org>)
	id 1IXJB4-0004Na-LO
	for garchives@archives.gentoo.org; Mon, 17 Sep 2007 16:10:27 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l8HG1JKe020685;
	Mon, 17 Sep 2007 16:01:19 GMT
Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.246])
	by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l8HFuOtG013288
	for <gentoo-user@lists.gentoo.org>; Mon, 17 Sep 2007 15:56:25 GMT
Received: by an-out-0708.google.com with SMTP id c8so233425ana
        for <gentoo-user@lists.gentoo.org>; Mon, 17 Sep 2007 08:56:21 -0700 (PDT)
Received: by 10.100.136.8 with SMTP id j8mr7738776and.1190044581133;
        Mon, 17 Sep 2007 08:56:21 -0700 (PDT)
Received: from ?10.10.0.4? ( [190.16.140.164])
        by mx.google.com with ESMTPS id d22sm5085689and.2007.09.17.08.56.18
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Mon, 17 Sep 2007 08:56:19 -0700 (PDT)
Message-ID: <46EEA3A0.1000606@buanzo.com.ar>
Date: Mon, 17 Sep 2007 12:56:16 -0300
From: "Arturo 'Buanzo' Busleiman" <buanzo@buanzo.com.ar>
Organization: GNU/Buanzo
User-Agent: Thunderbird 2.0.0.6 (X11/20070728)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To:  gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user]  Re: Re: SSH won't restart
References: <49bf44f10709080840k4f64df08r1f3ba9a4e3b4f031@mail.gmail.com>	<200709161634.00032.mike@gaima.co.uk>	<1471220.PHpItKh17l@m-id.message-center.info>	<200709161729.38863.mike@gaima.co.uk>	<87fy1efqlb.fsf@newton.gmurray.org.uk>	<46ED6F2B.10208@buanzo.com.ar>	<2293981.jHZ5yHTi5i@m-id.message-center.info> <20070917170551.52b5d344.hilse@web.de>
In-Reply-To: <20070917170551.52b5d344.hilse@web.de>
X-Enigmail-Version: 0.95.3
OpenPGP: id=6857704D
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 033ae546-0f6f-4ed5-bee9-156529a41b54
X-Archives-Hash: 8f6f29e3ec0b823b76c75674adb02251

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hans-Werner Hilse wrote:
> Hi,

Hi!

> So I would definitely prefer to always have a guaranteed working sshd
> running (I find OpenVPN/telnet a bit strange and an unnecessary
> potential security hole).

If running permanently, then I agree, but I do not see the potential security hole if using a
correctly designed/configured tunnel.

> session. So you have to weigh the risks. The real problem, however,
> can only be overcome by another way to login. Firing up another
> instance of sshd (on a different port) is just a matter of one simple
> command, so I definitely prefer that.

As long as there is no issue with the sshd binary, of course :)

- --
Arturo "Buanzo" Busleiman - Independent Information Security Consultant
Services Offered: http://www.buanzo.com.ar/pro/
Join the GNU/Buanzo Forums - The word Community in its fullest expression.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG7qOfAlpOsGhXcE0RCnGRAJ9fQIcJWbai4w/Daq81DPL1iEgaEgCfWkGg
Apixlnkoih+SMOPShj6SpVA=
=sBTB
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list