Hello—

 

                Since I work from home, I do not have any impediments to access imposed by my company – I can just use a personal computer to gain access to your machines, and not have to wrangle with my employer’s firewall and security protocols.  I am not sure what is meant by “ssh keys” – if that is easier for you to implement, I’d be happy to figure out how to use that, provided it doesn’t demand a fixed IP address on my end or something else that isn’t available to me given my basic commercial ISP service.  Let me know.

 

Thanks—

--Mark

 

From: Crater-team <crater-team-bounces@lists.sr.unh.edu> on behalf of Jody Wilson <jkwilson@guero.sr.unh.edu>
Date: Tuesday, August 6, 2024 at 8:39AM
To: crater-team@lists.sr.unh.edu <crater-team@lists.sr.unh.edu>
Cc: Tucker Hurton <Tucker.Hurton@unh.edu>, Larry Townsend <ltownsen@tennessee.edu>
Subject: [Crater-team] How you'll access crater servers after OS/Security updates

CRaTER folks,

For those of you who log in to accounts on crater servers (e.g.,
crater-a), we need to choose how to increase the security settings.
UNH will soon require either VPN-only access, or the use of ssh security
keys.  Most of you probably just need access to crater-a. I don't think
I can describe the choices perfectly, so here's info directly from
Tucker Hurton:

> I have an ongoing task from our Chief Information Security Officer to
> reduce the footprint of systems that are susceptible to brute-force
> password attacks. The crater systems are in scope for that task for
> which I have only two implementation options. The first is to block
> access at our firewall and require the campus VPN for access which is
> probably not ideal for you. The second option is to require ssh keys
> and disable password-based logins. I need to have one of the two
> options enabled for all systems on the SR network by October.

> You can certainly apply for a sponsored account for Mark/Larry. My
> understanding is that they would then be able to use the VPN. However,
> if there’s even a remote chance that they're comfortable using ssh
> keys, a cleaner option may be to simply expose one of your systems to
> the internet and require keys on that one host. Then, it’s business as
> usual for you and they only have to deal with it in one place….and
> campus is happy.

In other words, for non-UNH folks, we can get you "sponsored accounts"
that will come with a VPN account that will let you connect,
OR
We make crater-a connect directly to the internet, but require security
keys for access.

Does anyone have an opinion, suggestion, question, commentary, or
otherwise??
-Jody



_______________________________________________
Crater-team mailing list
Crater-team@lists.sr.unh.edu
https://lists.sr.unh.edu/mailman/listinfo/crater-team