On Thu, Apr 18, 2013 at 10:00 PM, Tilman Schmidt <t.schmidt@xxxxxxxxxxxxxxxxxx> wrote:
> On 18.04.2013 08:44, Arun Khan wrote:
>> On Thu, Apr 18, 2013 at 8:14 AM, SilverTip257 <silvertip257@xxxxxxxxx> wrote:
>>
>>> But at the same time it's not prudent to allow anyone access to a service
>>> (host/port/page/whatever) when they have no need to.
>>>
>>> Perfect example being people who let SSH open to the world on production
>>> boxes and do little to nothing to protect it.
>>
>> How do you handle the ACL when multiple users need the ssh access?
>>
>> Use case scenario, I have set up CentOS based LAMP servers [...] the web
>> developers who keep making changes (per client request) need sftp
>> access to the boxen; their respective ISP service, provide only
>> dynamic IPs (or charge extra which the freelancer will not pay for)
>>
>> At the moment, I have had to leave it open with fail2ban monitoring
>> the ssh port.
>
> ACLs won't cut it in that scenario,

Exactly.

> but limiting SSH to public key
> authentication (i.e. disabling password authentication) and

Agreed but explaining the concept to WAMP web application developers ....

> disabling
> direct root login should be sufficiently secure.

This is the first thing I do after installation is complete :)

--
Arun Khan
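
The two settings agreed on in this thread (public key authentication only, no direct root login) can be checked against an `sshd_config` as follows. This is an added example, not part of the original message; the sample configurations are constructed and `global_settings` and `audit` are hypothetical helper names.

```python
# Added example, not from the thread: audit the global section of an
# sshd_config for the two settings the message recommends.
REQUIRED = {
    "passwordauthentication": "no",  # public key authentication only
    "permitrootlogin": "no",         # no direct root login
}

def global_settings(text):
    """Map keyword -> value for the global section (before any Match line)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # everything after Match is conditional
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # sshd uses the first value obtained
    return settings

def audit(text):
    """Return findings; an empty list means both settings are enforced."""
    settings = global_settings(text)
    findings = []
    for keyword, wanted in REQUIRED.items():
        actual = settings.get(keyword)
        if actual is None:
            findings.append(f"{keyword}: not set, built-in default applies")
        elif actual.lower() != wanted:
            findings.append(f"{keyword}: is '{actual}', expected '{wanted}'")
    return findings

# Constructed sample: the later global "PasswordAuthentication no" has no
# effect (first value wins), and the Match block is not part of the global section.
SAMPLE = """\
Port 22
PasswordAuthentication yes
PermitRootLogin without-password
PasswordAuthentication no
Match Group sftpusers
    PasswordAuthentication no
"""
HARDENED = "PasswordAuthentication no\nPermitRootLogin no\n"

if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE), ("hardened", HARDENED)):
        print(label, audit(cfg) or "OK")
```

The check is deliberately strict: a value with a trailing comment or an unset keyword is reported rather than assumed safe.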