[SSHd] Limiting access from authorized IP's

[cpghost]

On Fri, 18 Apr 2008 13:46:48 -0500
Paul Schmehl <pauls at utdallas.edu> wrote:

> Let me clarify.  When I use the term "host", I'm referring to what
> many would call a "personal workstation" or "personal computer".  If
> you have more than one person who has shell access to a computer,
> then you no longer have a host. You have a server.  Sure, you may not
> think of it that way, but that's what it is.
> 
> Servers are a completely different ballgame, and the decisions you
> make regarding protecting them have everything to do with who has
> access to what. The servers that I referenced in my post have one
> person with root access - me 
> - and one user - the owners.  No one else has access.  So, it's a
> great deal easier for me to lock down the boxes than it is, for
> example, here at work, where *many* people have shell access and more
> than one have root access through sudo or even su.

Sorry for bikeshedding here, since it's just a matter of terminology,
but...

"Hosts" used to be multi-user machines for a long time, and actually
still are. Most RFCs, including newer ones, refer to "hosts" and mean
"nodes" on the net. They don't care whether the hosts are workstations
used by a single or few user(s), or big multi-user machines with
hundreds of shell accounts.

"Server" is merely the role a program assumes when it waits passively
for requests from "clients". "Servers" run on "hosts", regardless
of the number of users on those hosts (ranging from 0 to very high).

Obviously, the security implications vary considerably if you have
to host many user accounts, esp. on hosts used by mission critical
server programs. ;)

And of course, the bikeshed has to be painted... red! :)

Regards,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/