[unisog] Remote Access to Staff Desktops

Alexander Clouter alex at digriz.org.uk
Wed Feb 25 19:40:16 GMT 2009


* BACHAND, Dave (Info. Tech. Services) <BachandD at easternct.edu> [Mon, 23 Feb 2009 10:03:39 -0500]:
>
> [snipped world runs RDP it seems :) ]
>
> No other remote access is allowed.
>
I have been pondering about global SSH access being permitted, however
the list would have dynamic blacklistings of workstations that were
marked vulnerable.  Vulnerable meaning:
 1) permitting SSH version 1
 2) running a known vulnerable SSH server version
 3) permitting plaintext login

The 'tweak' to the third clause would be that OTPs would be permitted
alongside the usual pubkey auth only approaches.

Annoyingly scanssh[1] does not seem to go far enough.  Anyone got any 
suggestions?  All the useful info seems present via 'ssh -vvv', so maybe 
some ugly Perl-glue is called for...

Cheers

[1] http://monkey.org/~provos/scanssh/

-- 
Alexander Clouter
.sigmonster says: Everyone is entitled to my opinion.
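
Added example, not part of the original post or of scanssh: a Python sketch of the glue described above, applying the three blacklist criteria to captured OpenSSH client `-v` output. The `KNOWN_BAD` entry and the sample captures are constructed placeholders, and treating `keyboard-interactive` as the OTP path is an assumption.

```python
import re

# Debug lines printed by the OpenSSH client when run with -v or higher.
VERSION_RE = re.compile(
    r"Remote protocol version (\d+)\.(\d+), remote software version (\S+)")
AUTH_RE = re.compile(r"Authentications that can continue: (\S+)")

# Constructed placeholder: fill from your own advisory tracking.
KNOWN_BAD = {"ExampleSSHD_0.1"}
# Assumption: publickey is always fine, and OTPs arrive via keyboard-interactive.
ALLOWED_METHODS = {"publickey", "keyboard-interactive"}


def assess(verbose_output, known_bad=KNOWN_BAD):
    """Return the reasons to blacklist a host; an empty list means it passes."""
    version = VERSION_RE.search(verbose_output)
    auth = AUTH_RE.search(verbose_output)
    if not version or not auth:
        # Fail closed: a host we could not fully inspect is not whitelisted.
        return ["incomplete scan output"]
    reasons = []
    major, software = int(version.group(1)), version.group(3)
    # RFC 4253: "1.99" means the server also accepts pre-2.0 clients.
    if major < 2:
        reasons.append("permits SSH version 1")
    if software in known_bad:
        reasons.append("known vulnerable server: " + software)
    extra = set(auth.group(1).split(",")) - ALLOWED_METHODS
    if extra:
        reasons.append("permits " + ",".join(sorted(extra)))
    return reasons


# Constructed sample captures, not taken from any real host.
SAMPLE_BAD = """\
debug1: Remote protocol version 1.99, remote software version ExampleSSHD_0.1
debug1: Authentications that can continue: publickey,password
"""
SAMPLE_GOOD = """\
debug1: Remote protocol version 2.0, remote software version ExampleSSHD_9.9
debug1: Authentications that can continue: publickey,keyboard-interactive
"""

if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, assess(text) or "ok")
```

A server can back `keyboard-interactive` with an ordinary password prompt through PAM, so a pass on the third criterion still needs the server-side configuration checked.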


