Date: Thu, 13 Aug 2020 14:56:43 -0400 From: Aryeh Friedman <aryeh.friedman@gmail.com> To: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: OT: Dealing with a hosting company with it's head up it's rear end Message-ID: <CAGBxaXmg0DGSEYtWBZcbmQbqc2vZFtpHrmW68txBck0nKJak=w@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
The hosting company for one of our clients sent the following reply to us/them when we asked them to setup end user accounts on a dedicated Windows Server, FreeBSD box and CentOS box (all VM's on the same physical machine with no other VM's on the physical machine) and being told we needed scriptable access (not web based non-scriptable) to the windows desktop and shell accounts (including the ability to sudo) and they agreed to provide it: "[Insert client name here], we do not allow RDP or SSH into our datacenter. They are the primary vehicles for ransomware and cryptolocker breaches. We utilize a secure access portal with multi-factor authentication to ensure you don't get breached." I kind of understand RDP (but we have had bad luck with VNC on the same hosting provider in the past so we prefer RDP), but SSH!?!?!?!?! Their idea of a "two factor" authentication is each connection will only be allowed via a web portal and must use a one-time password sent the users smartphone. Not only does this make automated deploy impossible it is a complete show stopper since our service is IoT and uses its own custom protocol. So how do we/the client tell the hosting company they are full of sh*t (the client has a 3 year contract with a pay in full to break clause with them which would be over $100k to break) -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGBxaXmg0DGSEYtWBZcbmQbqc2vZFtpHrmW68txBck0nKJak=w>