Date: Fri, 18 Apr 2008 17:34:43 -0600 From: cpghost <cpghost@cordula.ws> To: Paul Schmehl <pauls@utdallas.edu> Cc: freebsd-questions@freebsd.org Subject: Re: [SSHd] Limiting access from authorized IP's Message-ID: <20080418173443.40f99867@epia-2.farid-hajji.net> In-Reply-To: <C8459F8564E589F21F53D9BF@utd65257.utdallas.edu> References: <2tng04doovnmtkr7or9kfkb596fgjfoj1c@4ax.com> <20080418191449.212f43d3.gary@pattersonsoftware.com> <1EBA9459C137D287EEE2560D@utd65257.utdallas.edu> <4808D7F4.8000709@radel.com> <C8459F8564E589F21F53D9BF@utd65257.utdallas.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 18 Apr 2008 13:46:48 -0500 Paul Schmehl <pauls@utdallas.edu> wrote: > Let me clarify. When I use the term "host", I'm referring to what > many would call a "personal workstation" or "personal computer". If > you have more than one person who has shell access to a computer, > then you no longer have a host. You have a server. Sure, you may not > think of it that way, but that's what it is. > > Servers are a completely different ballgame, and the decisions you > make regarding protecting them have everything to do with who has > access to what. The servers that I referenced in my post have one > person with root access - me > - and one user - the owners. No one else has access. So, it's a > great deal easier for me to lock down the boxes than it is, for > example, here at work, where *many* people have shell access and more > than one have root access through sudo or even su. Sorry for bikeshedding here, since it's just a matter of terminology, but... "Hosts" used to be multi-user machines for a long time, and actually still are. Most RFCs, including newer ones, refer to "hosts" and mean "nodes" on the net. They don't care whether the hosts are workstations used by a single or few user(s), or big multi-user machines with hundreds of shell accounts. "Server" is merely the role a program assumes when it waits passively for requests from "clients". "Servers" run on "hosts", regardless of the number of users on those hosts (ranging from 0 to very high). Obviously, the security implications vary considerably if you have to host many user accounts, esp. on hosts used by mission critical server programs. ;) And of course, the bikeshed has to be painted... red! :) Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080418173443.40f99867>