On Thu, Apr 18, 2013 at 10:00 PM, Tilman Schmidt
<t.schm...@phoenixsoftware.de> wrote:
> On 18.04.2013 08:44, Arun Khan wrote:
>> On Thu, Apr 18, 2013 at 8:14 AM, SilverTip257 <silvertip...@gmail.com> wrote:
>>
>>> But at the same time it's not prudent to allow anyone access to a service
>>> (host/port/page/whatever) when they have no need to.
>>>
>>> Perfect example being people who leave SSH open to the world on production
>>> boxes and do little to nothing to protect it.
>>
>> How do you handle the ACL when multiple users need the ssh access?
>>
>> Use case scenario, I have set up CentOS based LAMP servers [...] the web
>> developers who keep making changes (per client request) need sftp
>> access to the boxen; their respective ISP services provide only
>> dynamic IPs (or charge extra which the freelancer will not pay for)
>>
>> At the moment, I have had to leave it open with fail2ban monitoring
>> the ssh port.
>
> ACLs won't cut it in that scenario,

Exactly.

> but limiting SSH to public key
> authentication (i.e. disabling password authentication) and

Agreed but explaining the concept to WAMP web application developers ...

> disabling
> direct root login should be sufficiently secure.

This is the first thing I do after installation is complete :)

-- 
Arun Khan
Sent from my non-iphone/non-android device
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
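
An added example, not part of the original thread: a small audit of sshd_config text for the two settings discussed above (password authentication off, direct root login off). The sample config is constructed, and the fallback defaults are an assumption that treats a missing keyword as the permissive pre-7.0 OpenSSH value.

```python
import re

# Constructed sample, not taken from any real host.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PermitRootLogin no
Match User deploy
    PasswordAuthentication yes
"""

REQUIRED = {"passwordauthentication": "no", "permitrootlogin": "no"}
# Assumption: a keyword that is absent falls back to the permissive value.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "yes"}

LINE = re.compile(r"^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*?)\s*$")

def parse(text):
    """Return (global options, Match-block overrides) from sshd_config text."""
    global_opts, overrides, match = {}, [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments set nothing
        m = LINE.match(raw)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            match = value  # everything after this belongs to the Match block
        elif match is None:
            # sshd keeps the first value it reads for each keyword
            global_opts.setdefault(key, value.lower())
        else:
            overrides.append((match, key, value.lower()))
    return global_opts, overrides

def audit(text):
    """List settings that still allow password or direct root logins."""
    global_opts, overrides = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        got = global_opts.get(key, DEFAULTS[key])
        if got != want:
            findings.append(f"global: {key} is '{got}', want '{want}'")
    for cond, key, got in overrides:
        if key in REQUIRED and got != REQUIRED[key]:
            findings.append(f"Match {cond}: {key} is '{got}', want '{REQUIRED[key]}'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "ok")
```

On a live host, `sshd -T` prints the effective configuration and can be fed to the same check instead of the raw file.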
