Re: [cobalt-security] SSH Tunneling - Cheap client to use?
- Subject: Re: [cobalt-security] SSH Tunneling - Cheap client to use?
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Sun, 19 Aug 2001 23:21:26 +0200
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Ted,
> You're right, that would encrypt the session. I believe Brandon is trying
> to use SSH's strong authentication as another layer of security. If he
> binds the administrative Apache daemon to only localhost, he also avoids
> blatant advertising that he's running a Cobalt.
Ah ... might be. But the Apache version and the built-in mods will always be
a dead giveaway. What other servers are using Apache 1.3.6 as the RaQ3's do?
Or here is the standard response string from a RaQ4:
Apache/1.3.12 Cobalt (Unix) PHP/4.0.4pl1 mod_ssl/2.6.4 OpenSSL/0.9.5a
mod_auth_pam/1.0a FrontPage/4.0.4.3 mod_perl/1.24
Even if you limit Apache to just giving the version number (and no OS or
mod-info) it'll still be somewhat of a giveaway for the inaugurated.
> I suggested using SSH tunnelling for the admin Web server in a previous
> post, although he may have gotten the idea from somewhere else.
I used a similar setup to send and check emails through an SSH tunnel (using
STUNNEL) before I switched to an APOP-capable email client. I'm using Linux
on my desktop at home, so I'm not that familiar with the Windows side of
things.
--
With best regards,
Michael Stauber
SOLARSPEED.NET
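
Added example, not part of the original message: a small Python audit of what a Server banner discloses, run on the RaQ4 string quoted above, and of what is left once it is cut down to the version number only. The function names and the category labels (vendor, platform, module) are this example's own assumptions.

```python
import re

# Banner quoted in the message above (RaQ4), joined onto one line.
RAQ4_BANNER = ("Apache/1.3.12 Cobalt (Unix) PHP/4.0.4pl1 mod_ssl/2.6.4 "
               "OpenSSL/0.9.5a mod_auth_pam/1.0a FrontPage/4.0.4.3 mod_perl/1.24")

# A token is either a parenthesised comment or a run of non-space characters.
TOKEN = re.compile(r"\(([^)]*)\)|(\S+)")

def parse_banner(banner):
    """Sort the parts of a Server header value into disclosure categories."""
    info = {"server": None, "version": None,
            "vendor": [], "platform": [], "modules": {}}
    for m in TOKEN.finditer(banner):
        word = m.group(2)
        if word is None:                       # "(Unix)" style comment
            info["platform"].append(m.group(1))
            continue
        name, _, version = word.partition("/")
        if info["server"] is None:             # first product token
            info["server"], info["version"] = name, version or None
        elif version:                          # name/version: module or library
            info["modules"][name] = version
        else:                                  # bare word such as a vendor tag
            info["vendor"].append(word)
    return info

def version_only(banner):
    """The banner cut down to server name and version, no OS or module info."""
    info = parse_banner(banner)
    if info["server"] is None:
        return ""
    return "/".join(p for p in (info["server"], info["version"]) if p)

def report(banner):
    """Human-readable lines listing what the banner gives away."""
    info = parse_banner(banner)
    out = [f"server   : {info['server']} {info['version'] or '(version hidden)'}"]
    out += [f"vendor   : {v}" for v in info["vendor"]]
    out += [f"platform : {p}" for p in info["platform"]]
    out += [f"module   : {n} {v}" for n, v in info["modules"].items()]
    return out

if __name__ == "__main__":
    print("\n".join(report(RAQ4_BANNER)))
    print("reduced to:", version_only(RAQ4_BANNER))
```

Even the reduced value still names the server and its exact version, which is the point the message makes.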