From owner-freebsd-questions@freebsd.org Thu Aug 13 19:10:38 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D1E743A9DB7 for ; Thu, 13 Aug 2020 19:10:38 +0000 (UTC) (envelope-from dave@jetcafe.org) Received: from fedex2.jetcafe.org (fedex2.jetcafe.org [205.147.26.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "fedex2.jetcafe.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BSGP93YxYz3S5M for ; Thu, 13 Aug 2020 19:10:37 +0000 (UTC) (envelope-from dave@jetcafe.org) X-Envelope-To: Received: from bigus.dream-tech.com (bigus.jetcafe.org [205.147.26.7]) by fedex2.jetcafe.org (8.15.2/8.15.2) with ESMTPS id 07DJATwQ069738 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 13 Aug 2020 12:10:29 -0700 (PDT) (envelope-from dave@jetcafe.org) Date: Thu, 13 Aug 2020 12:10:29 -0700 From: Dave Hayes To: freebsd-questions@freebsd.org Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end Message-ID: <20200813121029.28279823@bigus.dream-tech.com> In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: -1 ( out of 5.1) ALL_TRUSTED,SHORTCIRCUIT X-Spam-Checker-Version: SpamAssassin version 3.4.4-jetcafeglobal X-Scanned-By: MIMEDefang 2.83 X-Rspamd-Queue-Id: 4BSGP93YxYz3S5M X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of dave@jetcafe.org designates 205.147.26.23 as permitted sender) smtp.mailfrom=dave@jetcafe.org X-Spamd-Result: default: False [-1.92 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.76)[-0.764]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.85)[-0.847]; DMARC_NA(0.00)[jetcafe.org]; NEURAL_HAM_SHORT(-0.01)[-0.009]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:7397, ipnet:205.147.0.0/18, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2020 19:10:38 -0000 On Thu, 13 Aug 2020 14:56:43 -0400 Aryeh Friedman wrote: > The hosting company for one of our clients sent the following reply to > us/them when we asked them to setup end user accounts on a dedicated > Windows Server, FreeBSD box and CentOS box (all VM's on the same physical > machine with no other VM's on the physical machine) and being told we > needed scriptable access (not web based non-scriptable) to the windows > desktop and shell accounts (including the ability to sudo) and they agreed > to provide it: ... > Their > idea of a "two factor" authentication is each connection will only be > allowed via a web portal and must use a one-time password sent the users > smartphone. Not only does this make automated deploy impossible it is a > complete show stopper since our service is IoT and uses its own custom > protocol. Have you tried running SSH on a ephemeral port? > So how do we/the client tell the hosting company they are full of sh*t (the > client has a 3 year contract with a pay in full to break clause with them > which would be over $100k to break) Well you can tell them anything you want by various means, we all have mouths and email. I find telling people what is obviously true (for any human being who eats) highly ineffective in convincing people to cooperate. However, it seems to me if you told them you need scriptable access and that was actually in your contract, they are in breach of contract and you can use that to break the contract. I am not a lawyer and you will quite likely need one to pull that off. Just my $0.02 USD. -- Dave Hayes - Consultant - Altadena CA, USA - dave@jetcafe.org >>>> *The opinions expressed above are entirely my own* <<<< Before criticizing people, walk a mile in their shoes. Then when you do criticize them, you will be a mile away and have their shoes.