Date: Thu, 13 Aug 2020 12:04:06 -0700 From: "Jack L." <xxjack12xx@gmail.com> To: Aryeh Friedman <aryeh.friedman@gmail.com> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end Message-ID: <CALeGphwfr7j-xgSwMdiXeVxUPOP-Wb8WFs95tT_%2Ba8jig_Skxw@mail.gmail.com> In-Reply-To: <CAGBxaX=XbbFLyZm5-BO=6jCCrU%2BV%2BjubxAkTMYKnZZZq=XK50A@mail.gmail.com> References: <CAGBxaXmg0DGSEYtWBZcbmQbqc2vZFtpHrmW68txBck0nKJak=w@mail.gmail.com> <CAGBxaX=XbbFLyZm5-BO=6jCCrU%2BV%2BjubxAkTMYKnZZZq=XK50A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Just change the ssh/rdp ports? On Thu, Aug 13, 2020 at 11:59 AM Aryeh Friedman <aryeh.friedman@gmail.com> wrote: > > Forgot to ask how common is such idiocy? And is it becoming more common? > > On Thu, Aug 13, 2020 at 2:56 PM Aryeh Friedman <aryeh.friedman@gmail.com> > wrote: > > > The hosting company for one of our clients sent the following reply to > > us/them when we asked them to setup end user accounts on a dedicated > > Windows Server, FreeBSD box and CentOS box (all VM's on the same physical > > machine with no other VM's on the physical machine) and being told we > > needed scriptable access (not web based non-scriptable) to the windows > > desktop and shell accounts (including the ability to sudo) and they agreed > > to provide it: > > > > "[Insert client name here], we do not allow RDP or SSH into our > > datacenter. They are the primary vehicles for ransomware and cryptolocker > > breaches. We utilize a secure access portal with multi-factor > > authentication to ensure you don't get breached." > > > > I kind of understand RDP (but we have had bad luck with VNC on the same > > hosting provider in the past so we prefer RDP), but SSH!?!?!?!?! Their > > idea of a "two factor" authentication is each connection will only be > > allowed via a web portal and must use a one-time password sent the users > > smartphone. Not only does this make automated deploy impossible it is a > > complete show stopper since our service is IoT and uses its own custom > > protocol. > > > > So how do we/the client tell the hosting company they are full of sh*t > > (the client has a 3 year contract with a pay in full to break clause with > > them which would be over $100k to break) > > > > -- > > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org > > > > > -- > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALeGphwfr7j-xgSwMdiXeVxUPOP-Wb8WFs95tT_%2Ba8jig_Skxw>