On Saturday, May 26, 2018 at 12:58:29 AM UTC+2, Nils Bruin wrote: > > Would you have particular words to say to sysadmins who get worried about > users opening up services on all kinds of ports? (and this sysadmin could > be me) -- of course, it also requires the ability to punch the right holes > in firewalls. >
If you have a central firewall then you should have a vpn for your users, so I guess the question is about local firewalls. If you allow ssh then people are going to forwards ports, and ssh does not (and can not) check which user is connecting to the tunnel. So your security model better not rely on all high ports being firewalled. Having said that, its definitely easier to use an ssh tunnel than to convince your admin to open a port in the firewall... -- You received this message because you are subscribed to the Google Groups "sage-support" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-support+unsubscr...@googlegroups.com. To post to this group, send email to sage-support@googlegroups.com. Visit this group at https://groups.google.com/group/sage-support. For more options, visit https://groups.google.com/d/optout.
