Wireless Network Key
Mark Haney
mhaney at ercbroadband.org
Wed Aug 6 15:10:05 UTC 2008
Leo Cacciari wrote:
>>
> This is excessively bad advice, and you even tell why it is bad. This is
> done already by the gnome network manager. If n-m is installed and it
> does not work, then it is another problem, but normally in ubuntu
> wireless network works like that out of the box.
>
> By the way, your is bad advice even if the OP has not n-m installed and
> does not wish to install it, as then standard scripts like if-up
> *already* have a much more secure (well, less insecure at least) way to
> do that by writing the key in the
> /etc/network/interfaces file
>
>
> Enjoy
>
<soapbox>
I totally disagree. You really think having the key in
/etc/network/interfaces is any safer? Or having it in NM is safer?
You're out of your mind. Anyone who gets root access can dig it up and
steal it from anywhere those files are stored.
I never said anything other than a shell script CAN be used. I also
warn that it's a security risk and to lock it down tight. Do you really
think I don't know that? I deal with network security on a daily
basis. I have 100K users on our network that I have to keep safe.
The point is (and MY point is) this method is possible, but NOT
encouraged. He doesn't want to have to enter the key every time.
Entering the key every time IS the preferred and secure method of doing
this.
It's sort of like not wanting to key in a password everytime and setting
autologin. That's just as insecure (from a network security standpoint)
and scripting the wireless key.
I don't see the advice is /bad/, so much as it isn't recommend and it
does include the disclaimer that it's not recommended. It's up to the
OP to determine if that is an acceptable risk. It is not for me to
decide that and withold my information because I think it's a bad idea.
Now, had I simply said 'sure throw it in a shell script' and NOT warned
the OP of the security risk, then you have every right to point that
out. However, I believe in offering all alternatives ALONG with any
potential hazards therein.
So, flame all you want. I stand by my post in that it gives the OP him
an alternative and a caveat to that so he can make up his own mind.
He's not a child (AFAIK) and can use that if he wishes. It's not up to
YOU to determine what's bad advice.
</soapbox>
--
Libenter homines id quod volunt credunt -- Caius Julius Caesar
Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
Call (866) ERC-7110 for after hours support
More information about the ubuntu-users
mailing list