basic shell access problem
From: Micha³ Kurowski (mkur_at_poczta.gazeta.pl)
Date: 10/08/05
- Next message: Michael Heiming: "Re: basic shell access problem"
- Previous message: Joachim Schipper: "Re: ssh to diskless client"
- Next in thread: Michael Heiming: "Re: basic shell access problem"
- Reply: Michael Heiming: "Re: basic shell access problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 8 Oct 2005 17:06:41 +0000 (UTC)
Hi,
I'd like to ask for your advice on basic shell access problem.
This is actually much more a policy problem then a technical ssh
question but I think it is pretty much very relevant for this group.
We want to allow selective shell access to our "gateway" server for
remote hosts. We already have contemporary "blacklisting" solution to
kick out usual account cracking trials.
We also employ "AllowUsers" sshd_config solution to permit specific
user/IP combinations. In practice it is becoming really annoying for
both maintainers and users though. It is very tempting for some people
to put a "user@*" entry in there ...
How do you people manage this ?
I know there are many possibilities. Allowing public keys based logins
only is not am option because we have to many undereducated users
(using unsafe computers). VPN-like solution is also an overkill for
us. I am leaning towards some solution placed in the router/firewall
rather then on a specific server.
Any comment highly appreciated.
-- Michal Kurowski <mkur@poczta.gazeta.pl>
- Next message: Michael Heiming: "Re: basic shell access problem"
- Previous message: Joachim Schipper: "Re: ssh to diskless client"
- Next in thread: Michael Heiming: "Re: basic shell access problem"
- Reply: Michael Heiming: "Re: basic shell access problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
