Quoting Franck Joncourt (franck.mail@dthconnex.com): > _Description: Configure fwknop to protect the SSH port? > The FireWall KNock OPerator daemon has not been set up yet. This install > process can configure fwknopd to protect the SSH port with a simple I'm generally not fond of "this install process" or anything referring to what's happening. I'd suggest a more neutral wording such as "The fwknopd daemon may be configured to protect..." or "You can choose to configure fwknopd to..." > Rijndael shared key, but moving to a GnuPG setup is recommended. Setting > up GnuPG for SPA communications involves a few manual steps that are > described in the fwknop documentation. In the meantime, using Rjindael > for SPA encryption and decryption provides decent security. > > [...] > _Description: Sniffing interface: > By default, fwknop-server uses libpcap, and needs to know which Ethernet > interface should be put in promiscuous mode. In my nitpicking mode, I'd say that programs "know" nothing..:-)...you *instruct* them to do something. "and should be configured to set the sniffing interface in promiscuous mode" I also wonder what value is added by saying that the program uses libpcap here. The important point is that we want to know the interface name.... What about: _Description: Sniffing interface: Please specify which Ethernet interface should be put in promiscuous mode. > > [...] > _Description: Encryption key to use: > By default, SPA packets are encrypted with the Rijndael block cipher, > which requires an encryption key. This password must be at least eight > characters in length. The prompt asks for an encryption key but the text talks about a password. That's slightly inconsistent. --
Attachment:
signature.asc
Description: Digital signature