[unisog] Remote Access to Staff Desktops
Alexander Clouter
alex at digriz.org.uk
Wed Feb 25 19:40:16 GMT 2009
* BACHAND, Dave (Info. Tech. Services) <BachandD at easternct.edu> [Mon, 23 Feb 2009 10:03:39 -0500]:
>
> [snipped world runs RDP it seems :) ]
>
> No other remote access is allowed.
>
I have been pondering about global SSH access being permitted, however
the list would have dynamic blacklistings of workstations that were
marked vulnerable. Vulnerable meaning:
1) permitting SSH version 1
2) running a known vulnerable SSH server version
3) permitting plaintext login
The 'tweak' to the third clause would be that OTPs would be permitted
alongside the usual pubkey auth only approaches.
Annoyingly scanssh[1] does not seem to go far enough. Anyone got any
suggestions? All the useful info seems present via 'ssh -vvv', so maybe
some ugly Perl-glue is called for...
Cheers
[1] http://monkey.org/~provos/scanssh/
--
Alexander Clouter
.sigmonster says: Everyone is entitled to my opinion.
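
Added example, not part of the original post: the three clauses above applied to captured `ssh -vvv` client output, in Python. The blocklist entry and both sample transcripts are constructed placeholders, and keyboard-interactive is assumed to be the OTP path, which this output alone cannot confirm.

```python
import re

# Placeholder blocklist: the post names no versions; populate from your own advisories.
VULNERABLE_VERSIONS = {"OpenSSH_0.0-EXAMPLE"}

BANNER = re.compile(r"Remote protocol version (\d+)\.\d+, remote software version (\S+)")
AUTHS = re.compile(r"Authentications that can continue: (\S+)")

def assess(debug_output):
    """Return the set of reasons (the post's three clauses) to blacklist a host."""
    reasons = set()
    banner = BANNER.search(debug_output)
    if banner is None:
        return {"no-banner"}  # nothing to assess, so do not whitelist
    major, software = int(banner.group(1)), banner.group(2)
    # Clause 1: protocol 1.x is SSHv1; 1.99 means the server accepts both v1 and v2.
    if major == 1:
        reasons.add("ssh-v1")
    if software in VULNERABLE_VERSIONS:  # clause 2
        reasons.add("vulnerable-version")
    auths = AUTHS.search(debug_output)
    if auths is None:
        reasons.add("auth-methods-unknown")
    # Clause 3: "password" is the plaintext login; keyboard-interactive is left
    # allowed as the assumed OTP carrier and needs a server-side config check.
    elif "password" in auths.group(1).split(","):
        reasons.add("plaintext-login")
    return reasons

# Constructed transcripts, trimmed to the two lines the parser reads.
SAMPLE_OLD = """debug1: Remote protocol version 1.99, remote software version OpenSSH_0.0-EXAMPLE
debug1: Authentications that can continue: publickey,password,keyboard-interactive
"""
SAMPLE_GOOD = """debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9-EXAMPLE
debug1: Authentications that can continue: publickey,keyboard-interactive
"""

if __name__ == "__main__":
    print(sorted(assess(SAMPLE_OLD)))
    print(sorted(assess(SAMPLE_GOOD)))
```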