On Sun, 14 Dec 2008, martin wrote:
david@xxxxxxx wrote:
On Sun, 14 Dec 2008, martin wrote:
Dear David.
Why do you trust VPN more than the SSH?
I ask because I have just removed the "first VPN then SSH" solution in
favor of an SSH-only solution using Gitosis just to get rid of the VPN,
which I believe is less secure than SSH (well, until I read your comments
below).
I thought I was doing something right for once but maybe I'm not?
Thanks and best regards
Martin
in part it's that a VPN is a single point of control for all remote access.
If you use ssh you end up exposing all the individual machines
1. data leakage of just what machines exist to possibly hostile users.
2. the many machines are configured separately, frequently by different
people. this makes it far more likely that sometime some machine will get
misconfigured.
3. people who are focused on providing features have a strong temptation to
cut corners and just test that the feature works and not test that
everything that isn't supposed to work actually doesn't work. as a result,
in many companies there is a deliberate separation (and tension) between a
group focused on controlling and auditing access and one that is focused on
creating functionality and features.
also from a political/social point of view everyone recognises that if you
grant someone VPN access you are trusting them, but people don't seem to
think the same way with ssh.
David Lang
I opened port 22 in the firewall to just those hosts that I need to reach,
which is one in this case...the rest of the machines I cannot reach.
I did a brief port scan and the thing is silent... so I don't think I reveal
any of the other hosts... but I should not say it's secure with your
measures...
Your point two I don't understand... If you are in charge of the firewall
you also know what machines you let people reach. If these machines are
numerous then I think there is a management problem somewhere else...
two things here
1. if you are running multiple different applications that all want to be
exposed via port 22 (like git for 'git push') then you may need to expose
numerous machines. tools that use SSH don't tend to have the ability to
use a gateway box before they start executing commands, they assume that
you will SSH directly into the destination box.
2. many people take the attitude that SSH is secure, period, end of
statement. so they think that every machine should be able to be contacted
via SSH, and you can then use SSH to do any other functionality on any
machine that you can dream up. a small minority of people try to minimize
what boxes are exposed directly (you are one of them), but most don't
David Lang
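An added check, not from this thread, in the spirit of David's third point (test that what isn't supposed to work actually doesn't): audit the authorized_keys file on the one exposed host for keys that lack the forced-command and no-* restrictions a gitosis-style setup writes. The key material, user names and the `gitosis-serve` command string are constructed for illustration.

```shell
#!/bin/sh
# Added example: find authorized_keys entries that grant more than the
# restricted git-serving command (a full shell, port forwarding, a pty).

# Options every gitosis-managed entry is expected to carry (assumption).
REQUIRED_OPTS="command= no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty"

# Constructed sample authorized_keys; keys and names are placeholders.
SAMPLE_KEYS=$(cat <<'EOF'
# managed key: restricted to the git serving command only
command="gitosis-serve alice",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAEXAMPLEKEY1 alice@example
# hand-added key: full shell, no restrictions (the misconfiguration to catch)
ssh-rsa AAAAEXAMPLEKEY2 bob@example
# partially restricted: forced command, but forwarding still allowed
command="gitosis-serve carol",no-pty ssh-rsa AAAAEXAMPLEKEY3 carol@example
EOF
)

# audit_keys FILE: print every key line missing a required option and
# return the number of such unrestricted keys (0 means all are locked down).
audit_keys() {
    file=$1
    bad=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        missing=""
        for opt in $REQUIRED_OPTS; do
            case "$line" in
                *"$opt"*) ;;
                *) missing="$missing $opt" ;;
            esac
        done
        if [ -n "$missing" ]; then
            bad=$((bad + 1))
            printf 'UNRESTRICTED (missing:%s): %s\n' "$missing" "$line"
        fi
    done < "$file"
    return "$bad"
}

# Run the audit against the constructed sample (expect 2 unrestricted keys).
tmpfile=$(mktemp)
printf '%s\n' "$SAMPLE_KEYS" > "$tmpfile"
audit_keys "$tmpfile" || echo "unrestricted keys found: $?"
rm -f "$tmpfile"
```

Point it at the real file with `audit_keys /path/to/authorized_keys` after each change to the exposed host, so a key that quietly grants a shell shows up before it is relied on.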
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html