[Crater-team] How you'll access crater servers after OS/Security updates

[Jody Wilson]

CRaTER folks,

For those of you who log in to accounts on crater servers (e.g., 
crater-a), we need to choose how to increase the security settings.
UNH will soon require either VPN-only access, or the use of ssh security 
keys.  Most of you probably just need access to crater-a. I don't think 
I can describe the choices perfectly, so here's info directly from 
Tucker Hurton:

> I have an ongoing task from our Chief Information Security Officer to 
> reduce the footprint of systems that are susceptible to brute-force 
> password attacks. The crater systems are in scope for that task for 
> which I have only two implementation options. The first is to block 
> access at our firewall and require the campus VPN for access which is 
> probably not ideal for you. The second option is to require ssh keys 
> and disable password-based logins. I need to have one of the two 
> options enabled for all systems on the SR network by October.

> You can certainly apply for a sponsored account for Mark/Larry. My 
> understanding is that they would then be able to use the VPN. However, 
> if there’s even a remote chance that they're comfortable using ssh 
> keys, a cleaner option may be to simply expose one of your systems to 
> the internet and require keys on that one host. Then, it’s business as 
> usual for you and they only have to deal with it in one place….and 
> campus is happy.

In other words, for non-UNH folks, we can get you "sponsored accounts" 
that will come with a VPN account that will let you connect,
OR
We make crater-a connect directly to the internet, but require security 
keys for access.

Does anyone have an opinion, suggestion, question, commentary, or 
otherwise??
-Jody