[SSHd] Limiting access from authorized IP's
cpghost
cpghost at cordula.ws
Fri Apr 18 23:54:05 UTC 2008
On Fri, 18 Apr 2008 13:46:48 -0500
Paul Schmehl <pauls at utdallas.edu> wrote:
> Let me clarify. When I use the term "host", I'm referring to what
> many would call a "personal workstation" or "personal computer". If
> you have more than one person who has shell access to a computer,
> then you no longer have a host. You have a server. Sure, you may not
> think of it that way, but that's what it is.
>
> Servers are a completely different ballgame, and the decisions you
> make regarding protecting them have everything to do with who has
> access to what. The servers that I referenced in my post have one
> person with root access - me
> - and one user - the owners. No one else has access. So, it's a
> great deal easier for me to lock down the boxes than it is, for
> example, here at work, where *many* people have shell access and more
> than one have root access through sudo or even su.
Sorry for bikeshedding here, since it's just a matter of terminology,
but...
"Hosts" used to be multi-user machines for a long time, and actually
still are. Most RFCs, including newer ones, refer to "hosts" and mean
"nodes" on the net. They don't care whether the hosts are workstations
used by a single or few user(s), or big multi-user machines with
hundreds of shell accounts.
"Server" is merely the role a program assumes when it waits passively
for requests from "clients". "Servers" run on "hosts", regardless
of the number of users on those hosts (ranging from 0 to very high).
Obviously, the security implications vary considerably if you have
to host many user accounts, esp. on hosts used by mission critical
server programs. ;)
And of course, the bikeshed has to be painted... red! :)
Regards,
-cpghost.
--
Cordula's Web. http://www.cordula.ws/
More information about the freebsd-questions
mailing list