Re: Barring IP addresses
--- In email@example.com, "bloedmann999" <Brian_Dorling@...>
> --- In firstname.lastname@example.org, "Mike (mwester)" <mwester@>
> > > I'm interested in another aspect of this. I have two slugs, a Debian
> > > and an Unslung. Neither is open to the Internet. The sole access to
> > > my network is via OpenVPN protected by certificates/keys to my DD-WRT
> > > router. I have no DMZ and no port forwarding into my network.
> > >
> > > So, why do I need to use SSH to contact the Slugs? I'm just wondering
> > > about the waste of encrypting with SSH and then again with TLS on
> > > OpenVPN.
> > >
> > > Of course SSH, key based, is more secure, but do I really need it in
> > > my case, or is it just good practice to always use SSH instead of
> > > telnet, whatever the situation?
> > Regarding Unslung, if you have no security concerns, then the major reason
> > for using SSH instead of telnet is for reliability. The "enable telnet"
> > mechanism on Unslung depends on proper operation of a number of other
> > services (inetd, and the Linksys web gui), and it seems that a number of the
> > recipes in the wiki for Unslung users are almost certain to disrupt one or
> > the other of those mechanisms. When this happens, it's a support
> > nightmare -- all of which is neatly solved by using SSH, which doesn't
> > depend on the web server nor on inetd. :-)
> > Mike (mwester)
> Good points. Thanks to everyone who replied.
> Cheers Brian
Checking my processes and open ports I saw that port 111 (rpcbind) is
open. I am not using NFS on the slug and have stopped all NFS modules
from loading, I have also stopped the inet daemon. Currently I see no
need for it. What I have not managed yet is to stop portmap from
starting. I changed the name of the portmap script symlink in rc.2,
that is not run anymore, but portmap still loads somehow.
Could anyone tell me how it is started on the Debian slug version?
I've also seen recommendations to replace the SSH with dropbear as it
uses a lot less storage. Is there any reason not to do that? I guess
if I test it and it seems to work I would not see any reason not to