[Gta04-owner] ***UNCHECKED*** Re: suggestions for rootfs

Andreas Kemnade andreas at kemnade.info
Wed Feb 1 06:57:00 CET 2017


On Tue, 31 Jan 2017 19:41:10 +0100
Jonas Smedegaard <jonas at jones.dk> wrote:

> Quoting Andreas Kemnade (2017-01-31 17:22:46)
> > here are some ideas for rootfs.
> > 
> > 1. /etc/default/rcS
> > FSCKFIX=yes
> > 
> > Well, no chance to press an y key on the gta04, so this at least
> > give some chances to have it booted.
> 
> Only relevant when the package sysvinit-core is installed.  By
> default with both current and upcoming stable debian, systemd-sysv is
> installed instead, which does not use that hint - and in upcoming
> stable release the file is not installed at all by default (so ensure
> that automated tweaking scripts check existence of the file before
> editing!).
> 
So what is the cleanest solution you would propose to achieve the same?

>[...]
> 
> > 2. sshd_config
> > UseDNS no
> > logins are a lot faster.
> > Or maybe add a line like
> > 192.168.0.200 pc
> > to /etc/hosts
> 
> I sure recommend to not skip name resolving, but establish fast name 
> resolving (either by hardcoding as suggested above or by having 
> connection script point to a resolver on your laptop).

Well, having a resolver on my laptop might be an additional security
issue. I would like to avoid that. That single line in /etc/hosts is ok
and would cover most cases.
But what is the point of doing nameresolving on ssh server side? If I
remember, it is only adds a bigger warning to the logfile in cases were
fwd/reverse dns mismatches or is not available.
But in case of a gta04, almost any login attempt is suspicious and most
time it will be behind nats.

Regards,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.goldelico.com/pipermail/gta04-owner/attachments/20170201/44254790/attachment.asc>


More information about the Gta04-owner mailing list