[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Re: ssh logins to

From: Ward Vandewege
Subject: Re: [Savannah-hackers-public] Re: ssh logins to
Date: Thu, 5 Mar 2009 11:05:43 -0500
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

On Thu, Mar 05, 2009 at 06:38:46AM -0600, Karl Berry wrote:
> I realized last night there's another significant issue with access to
> lists -- the mailing list feature on savannah relies on being able to
> get over to lists and run a command to create or delete a list.  We
> don't want to lose that functionality.  I do not know if 
> Ward's original proposal was to limit incoming ssh on lists to the
> personal machines of savannah hackers.  Let me take that one step
> further: how about if it is limited only to savannah itself?

That would work.

> I realize that does not address every conceivable security issue, but is
> it acceptable?  It is surely an improvement (from your point of view)
> over allowing access from everywhere on the one hand, and does not
> require extra work and software from us on the other.  Everything's a
> tradeoff ...

Absolutely. What I'm trying to achieve here is not having lists ssh
accessible from all over the internet. Ideally we would do that in the least
complicated way: static firewall rules. It's totally fine for the sysadmins
to have to maintain that list of static firewall rules, and add/remove/modify
IP addresses for people that need to be able to ssh into lists. We already do
that for other machines. I want to minimize the effort required from the
community (by not requiring extra software, etc) while improving security.

Restricting ssh logins to savannah would be great from my perspective. And
I'm happy to add any other static IPs that you guys want access from.

What do you think?


Ward Vandewege <address@hidden>
Free Software Foundation - Senior Systems Administrator

reply via email to

[Prev in Thread] Current Thread [Next in Thread]