[Crater-team] How you'll access crater servers after OS/Security updates
Mark D Looper
mark.d.looper at aero.org
Tue Aug 6 20:48:27 EDT 2024
Hello—
Since I work from home, I do not have any impediments to access imposed by my company – I can just use a personal computer to gain access to your machines, and not have to wrangle with my employer’s firewall and security protocols. I am not sure what is meant by “ssh keys” – if that is easier for you to implement, I’d be happy to figure out how to use that, provided it doesn’t demand a fixed IP address on my end or something else that isn’t available to me given my basic commercial ISP service. Let me know.
Thanks—
--Mark
From: Crater-team <crater-team-bounces at lists.sr.unh.edu> on behalf of Jody Wilson <jkwilson at guero.sr.unh.edu>
Date: Tuesday, August 6, 2024 at 8:39 AM
To: crater-team at lists.sr.unh.edu <crater-team at lists.sr.unh.edu>
Cc: Tucker Hurton <Tucker.Hurton at unh.edu>, Larry Townsend <ltownsen at tennessee.edu>
Subject: [Crater-team] How you'll access crater servers after OS/Security updates
CRaTER folks,
For those of you who log in to accounts on crater servers (e.g.,
crater-a), we need to choose how to increase the security settings.
UNH will soon require either VPN-only access, or the use of ssh security
keys. Most of you probably just need access to crater-a. I don't think
I can describe the choices perfectly, so here's info directly from
Tucker Hurton:
> I have an ongoing task from our Chief Information Security Officer to
> reduce the footprint of systems that are susceptible to brute-force
> password attacks. The crater systems are in scope for that task for
> which I have only two implementation options. The first is to block
> access at our firewall and require the campus VPN for access which is
> probably not ideal for you. The second option is to require ssh keys
> and disable password-based logins. I need to have one of the two
> options enabled for all systems on the SR network by October.
> You can certainly apply for a sponsored account for Mark/Larry. My
> understanding is that they would then be able to use the VPN. However,
> if there’s even a remote chance that they're comfortable using ssh
> keys, a cleaner option may be to simply expose one of your systems to
> the internet and require keys on that one host. Then, it’s business as
> usual for you and they only have to deal with it in one place….and
> campus is happy.
In other words, for non-UNH folks, we can get you "sponsored accounts"
that will come with a VPN account that will let you connect,
OR
We make crater-a connect directly to the internet, but require security
keys for access.
Does anyone have an opinion, suggestion, question, commentary, or
otherwise??
-Jody
_______________________________________________
Crater-team mailing list
Crater-team at lists.sr.unh.edu
https://lists.sr.unh.edu/mailman/listinfo/crater-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sr.unh.edu/pipermail/crater-team/attachments/20240807/7caa00ed/attachment-0001.htm>
More information about the Crater-team
mailing list