[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers-public] Re: ssh logins to lists.gnu.org
|
From: |
Ward Vandewege |
|
Subject: |
[Savannah-hackers-public] Re: ssh logins to lists.gnu.org |
|
Date: |
Wed, 21 Jan 2009 21:03:34 -0500 |
|
User-agent: |
Mutt/1.5.17+20080114 (2008-01-14) |
On Wed, Jan 21, 2009 at 09:39:55PM +0100, Sylvain Beucler wrote:
> Well, if we can access fencepost through SSH, why is it a problem to
> access lists through SSH? :)
Having fencepost accessible via SSH is the point of that machine. It's a
shell server.
There is no good reason at all to have lists accessible via SSH from
anywhere.
Therefore, we should not have it accessible. This is pretty basic 'secure'
thinking: you do not make services available that don't need to be. In the
case of lists, that includes SSH. Of course there would be rules to allow SSH
from static IPs for the people who need to be able to log into lists.
> (Btw, if you want to avoid SSH brute force you might want to have a
> look at 'fail2ban' (which is incidentally installed at Savannah :)))
Yes. It's simpler to use static IPs for access, like for almost all other GNU
machines.
Thanks,
Ward.
--
Ward Vandewege <address@hidden>
Free Software Foundation - Senior Systems Administrator