[ntp:hackers] UDel security
mayer
mayer at gis.net
Thu May 12 09:57:18 PDT 2005
----- Original Message Follows -----
> Guys,
>
> The department staff has closed all access from outside 128.4 to only
> a few carefully watched public machines and closed off all RPC ports
> except NTP and a couple of others. The 128.4 NTP test machines on the
> campus and backroom subnets are currently open to ssh (only). I should
> probably change that to require login to pogo first before allowing
> access to other machines. Will this be a problem for the legitimate
> testers and hackers?
From my point of view as a developer, as long as I can SSH into pogo
as necessary that's fine. I usually SSH to pogo before I go anywhere
else anyway. This sounds like a good choice.
>
> Most of our machines are now closed access via NTP unless
> cryptographically authenticated. I intend to do that for all campus
> servers, including those that are now open access. UDel will thus turn
> into a black hole for everything except the web and a few portholes
> like our campus, department public servers.
I'm not sure I understand how you are closing access via NTP unless
cryptographically authenticated since the Autokey scheme authenticates
the server to the client rather than the other way round. We've
had a number of discussions on this issue. Or did I misunderstand
what you are saying?
>
> I am asking the ISC to regularize the Autokey group key provision via
> the web. Can we set up a scheme that allows registration and retrieval
> of a group key for designated machines? I am open to any scheme that
> provides cryptographically secure storage and retrieval of a group key
> for any specific registered group.
>
Are you talking about the autokey key distribution scheme that Steve
set up? Or is this something else? What keys would be distributed and
for what machines?
Danny
> Dave
>
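As an added illustration (not from this thread and not any UDel configuration) of what "closed access via NTP unless cryptographically authenticated" means in ntpd's own terms, and of Danny's point that Autokey authenticates the server to the client: the `notrust` restriction makes ntpd refuse service to packets that do not carry a valid MAC from a trusted key, so authenticating clients in this way relies on symmetric (shared) keys rather than Autokey. Hostnames, key numbers and secrets are placeholders; restriction semantics are those of ntpd 4.2.

```conf
# Constructed ntp.conf fragment for illustration only, not a real site config.
# Goal: answer time requests only from peers/clients that authenticate with a
# shared key, leaving one campus "porthole" subnet with limited open access.

# Shared keys live in a root-only file, one per line: <keyid> M <secret>
#   e.g.  1 M PLACEHOLDER-SECRET      (M = MD5-keyed MAC)
keys /etc/ntp.keys
trustedkey 1
# Keys for ntpq (controlkey) and ntpdc (requestkey) traffic; shown here as the
# same key id for brevity, but keep them separate from the time keys in practice.
controlkey 1
requestkey 1

# Default policy for everyone: deny service unless the packet is
# cryptographically authenticated (notrust); also block runtime modification
# (nomodify) and status queries (noquery).
restrict default notrust nomodify noquery

# Local tools on the host itself are always allowed.
restrict 127.0.0.1

# A single watched campus subnet kept as an unauthenticated "porthole":
# time service is allowed, but no modification and no queries.
restrict 128.4.0.0 mask 255.255.0.0 nomodify noquery

# Test-bed peers authenticate every packet with key 1, so they pass 'notrust'
# from any source address. (placeholder hostnames)
peer   ntp-test1.example.invalid key 1
server ntp-test2.example.invalid key 1
```

Because Autokey only lets a client verify the server, a server that must decide whether to answer a client still needs a shared symmetric key, which is what `notrust` checks against.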