On Sun, 14 Dec 2008, Jakub Narebski wrote:
david@xxxxxxx writes:
On Sun, 14 Dec 2008, martin wrote:
Dear David.
Why do you trust VPN more than the SSH?
I ask because I have just removed the "first VPN then SSH" solution
in favor for a SSH only solution using Gitosis just to get rid of
the VPN which I believe is less secure than SSH (well until I read
you comments below).
I thought I was doing something right for once but maybe I'm not?
Thanks and best regards
Martin
in part it's that a VPN is a single point of control for all remote
access.
If you use ssh you end up exposing all the individual machines
1. data leakage of just what machines exist to possibly hostile users.
Errr... what? One of established practices is expose only _one_
machine to outside; you have to SSH to gateway.
that works for sysadmin access to a box, it doesn't work for git push
(unless that box also happens to be your git repository). multiply by a
few dozen different applications that all take the attitude 'just us SSH
and you are secure' and you end up with a bunch of machines that _have_ to
be exposed via SSH.
2. the many machines are configured seperatly, frequently by different
people. this makes it far more likely that sometime some machine will
get misconfigured.
See above.
3. people who are focused on providing features have a strong
temptation to cut corners and just test that the feature works and not
test that everything that isn't supposed to work actually doesn't
work. as a result, in many companies there is a deliberate seperation
(and tension) between a group focused on controlling and auditing
access and one that is focused on creating fucntionality and features.
And that differs from VPN in what way?
the VPN is typically (but not always) run by the group who is focused on
controlling and auditing access.
also from a polical/social point of view everyone recognises that if
you grant someone VPN access you are trusting them, but people don't
seem to think the same way with ssh.
Errr... what? I think everybody knows that unrestricted SSH access
(without limiting done by shell used) means that you trust user.
you would be surprised.
I'm not saying that SSH is bad for all uses by any means. I'm responding
to the people who seemd to be thinking that anyone who didn't like the
'use SSH' option are luddites and just don't know what they are doing.
different networks can have different stances and all be right (for their
environment)
David Lang
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html