Remote Access: Service vs. Security

To: debian-edu@lists.debian.org
Cc: admin-discuss@skolelinux.org
Subject: Remote Access: Service vs. Security
From: Ralf Gesel|ensetter <rgx@gmx.de>
Date: Tue, 11 Jan 2005 18:27:28 +0100
Message-id: <[🔎] 200501111827.29194.rgx@gmx.de>
Reply-to: admin-discuss@skolelinux.org

(Xpost)

Hi there,

as most of you will agree, it makes sense to have particular services of 
your skolelinux system available remotely:

- ssh for administration
- ssh for sftp
- ssh for NX

Even though, we don't use a fix IP, today we had a visitor via ssh who 
cracked a users password by bruteforce (this pupil happened to be in 
some weird IRC channel).

This makes me think.

As long we can't make sure all pupils' / teachers' passwords are safe, 
we rather should not allow ssh to them (as they don't use it for now, 
anyway). But in order to give teachers the opportunity to work from 
home, we will need some way to assure secure access. What solutions did 
you choose? Something like portscanblocking and hidden (unusual) port 
could be an option.


I have to add, that port 22 is forwarded by our firewall to ltsp "only", 
hence, tjener itself is relatively secure. Our "guest" critisized 
that /boot was readable to him (he was goodwilled).


Thanks for sharing your experience,
regards,
Ralf.

Reply to:

Follow-Ups:
- Re: Remote Access: Service vs. Security
  - From: Gavin McCullagh <lists_gmc@fiachra.ucd.ie>
- Re: Remote Access: Service vs. Security
  - From: Sergio Talens-Oliag <sto@debian.org>

Prev by Date: Q: 3D on Thin Clients (GLX/OpenGL)?
Next by Date: Re: Remote Access: Service vs. Security
Previous by thread: Re: Q: 3D on Thin Clients (GLX/OpenGL)?
Next by thread: Re: Remote Access: Service vs. Security
Index(es):
- Date
- Thread