Remote Access: Service vs. Security
as most of you will agree, it makes sense to have particular services of
your skolelinux system available remotely:
- ssh for administration
- ssh for sftp
- ssh for NX
Even though, we don't use a fix IP, today we had a visitor via ssh who
cracked a users password by bruteforce (this pupil happened to be in
some weird IRC channel).
This makes me think.
As long we can't make sure all pupils' / teachers' passwords are safe,
we rather should not allow ssh to them (as they don't use it for now,
anyway). But in order to give teachers the opportunity to work from
home, we will need some way to assure secure access. What solutions did
you choose? Something like portscanblocking and hidden (unusual) port
could be an option.
I have to add, that port 22 is forwarded by our firewall to ltsp "only",
hence, tjener itself is relatively secure. Our "guest" critisized
that /boot was readable to him (he was goodwilled).
Thanks for sharing your experience,