[gpsd-dev] HOWTO: Security
Gary E. Miller
gem at rellim.com
Tue May 24 22:13:31 UTC 2016
Yo Eric!
On Tue, 24 May 2016 18:03:51 -0400
"Eric S. Raymond" <esr at thyrsus.com> wrote:
> > Or even disable password logins altogether and use ssh keys only.
> > But that's not for the HOWTO's target audience, unfortunately.
>
> Actually ./clockbuilder --secure does exactly that. Gary's argument
> is that the --secure step should be done first rather than last. It's
> somewhat undermined by the fact that under his assumptions even that
> isn't good enough.
I do not want the best to be the enemy of the better. I'll settle for
the next small improvement.
I admit to have a sore spot on getting a good password in first. I have
seen many times a box hacked by a default passwword before people get to
the end of an install procedure to change it. In one case I watched
the same team, doing the same install, over and over again, and getting
hacked each time. They spent a full day on a 30 min procedure and
never completed.
My own host logs, for today, shows some hours of 3 or more attempts on
user pi. So, if the entire install procedure takes 30 mins, there is
a pretty good chance that pi gets hacked before the password chage at the
end.
Fool me once, shame on you, fool me twice, shame on me.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntpsec.org/pipermail/devel/attachments/20160524/7aea1c09/attachment.bin>
More information about the devel
mailing list