Hot Diggety! Leon Towns-von Stauber was rumored to have written:
>
> You use it by setting it as the login shell for user accounts on your
> bastion host. There's a simple config file, which is just a list of
> internal hosts that are acceptable places to log in. When a user logs
> into the bastion host, they're presented with a prompt, at which they
> have to enter one of the hostnames from the config file, requiring
> prior knowledge of its contents.
Hmm, that might work for a small scale setup or where users relatively
infrequently login to bastions.
Less so when you're talking hundreds to thousands of hosts, or where
frequent logins are a part of the daily experience -- perhaps due to
side effects of various organizational policies?
A small scale setup, that could work out OK. But anything bigger, you
risk a user revolt. :)
Users are pretty good at getting their management to push for changes at
the management level, regardless of ultimate merits. Lower level
managers, as mere humans, often buckle under pressure -- basic fact of
Management 101.
> Another thing that really helps is running the external SSH service
> on a non-standard port. Doing that completely eliminated brute-force
> attacks on the bastion host at $WORK.
That can work, though it's still incumbent upon one to:
a) keep sshd (and any underlying dependencies -- e.g. OpenSSL)
patched _and_ reloaded.
b) have a reasonably secure configuration. Otherwise, it's a
Potemkin village type of security illusion. ;-)
I only point it out because with some people (not necessarily the Gentle
Readers of lopsa-tech), they forget that crucial point.
-Dan
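Added example, not Leon's tool, sshd's own code, or anything posted on the list: the two halves of this exchange in working Python. The first half is the allowlist logic of a bastion login shell as Leon describes it (a config file listing permitted internal hosts, a prompt, exact-match only, the hostname passed to ssh as a fixed argv element); the second half is a small audit that checks an sshd_config against a few baseline settings, which is Dan's point (b). The config path, the comment syntax of the allowlist file, the baseline table and both sample sshd_config texts are assumptions constructed for the example.

```python
"""Allowlist bastion shell plus sshd_config audit (added example)."""
import subprocess
import sys


# --- Part 1: allowlist-driven bastion login shell ---------------------------

def load_allowed_hosts(config_text):
    """Parse the allowlist: one internal hostname per line.
    Blank lines and '#' comments are ignored (format is an assumption)."""
    hosts = set()
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            hosts.add(line.lower())
    return hosts


def resolve_target(user_input, allowed_hosts):
    """Return the hostname to hop to, or None if the input is not an exact
    allowlist entry. No globbing, no user@host, no options: the user can only
    pick an entry the administrator already wrote down."""
    candidate = user_input.strip().lower()
    return candidate if candidate in allowed_hosts else None


def build_ssh_command(target):
    """argv for the onward hop. The hostname is a separate list element, never
    interpolated into a shell string, so shell metacharacters are inert."""
    return ["ssh", target]


def bastion_shell(config_path="/etc/bastion-hosts.conf"):  # path is an assumption
    """Entry point when this module is installed as a user's login shell."""
    with open(config_path) as fh:
        allowed = load_allowed_hosts(fh.read())
    target = resolve_target(input("Internal host: "), allowed)
    if target is None:
        print("Not permitted.", file=sys.stderr)
        return 1
    return subprocess.call(build_ssh_command(target))


# --- Part 2: baseline audit of an sshd_config --------------------------------

def parse_sshd_config(config_text):
    """Return {keyword_lower: value}, keeping the FIRST occurrence of each
    keyword, which is how sshd resolves duplicates. Match blocks are not
    modelled here (assumption: the file has none)."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


# Baseline for a bastion (assumption; adjust to local policy).
BASELINE = {
    "permitrootlogin": ("no", "root must not be reachable on a bastion"),
    "passwordauthentication": ("no", "keys only removes the brute-force target"),
    "permitemptypasswords": ("no", "never accept empty passwords"),
    "pubkeyauthentication": ("yes", "key auth must stay enabled"),
}


def audit_sshd_config(config_text):
    """Return a list of findings (empty list means the baseline is met)."""
    settings = parse_sshd_config(config_text)
    findings = []
    for key, (wanted, why) in BASELINE.items():
        actual = settings.get(key)
        if actual is None:
            findings.append(f"{key}: not set, compiled-in default applies; expected {wanted} ({why})")
        elif actual.lower() != wanted:
            findings.append(f"{key}: {actual}; expected {wanted} ({why})")
    if settings.get("port", "22") == "22":
        findings.append("port: 22 (default); a non-standard port cuts opportunistic "
                        "scans but is no substitute for patching and hardening")
    return findings


# Constructed sample configs (not from any real host).
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED_CONFIG = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or "OK")
```

Run stand-alone, it prints the audit of both constructed configs; installed as a login shell it reads the allowlist and offers the prompt. Note the design choice in the audit: a keyword that is absent is reported rather than silently treated as secure, because the compiled-in default differs between OpenSSH versions and the point of the check is to make the setting explicit.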
_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/