2015-06-15 16:33 GMT-03:00 Giancarlo Razzolini <grazzolini@gmail.com>:
On 15-06-2015 16:26, Tom Swartz wrote:
With all due respect, requiring that a user punch holes in their security firewalls is not a proper or long term solution to the issue at hand.
It is the only solution.
It is not the only one, as pointed out in this thread. Also, have you not considered the idea that bureaucracy for something as simple as opening a port could take months, if not years, or even countless failed attempts?
For home users, this might be a valid (although no less sane) solution, but in corporate networks where the firewall rules are crafted for a reason (e.g. to protect the rest of the devices on the network).
A rule that denies outgoing SSH access is a dumb one. It doesn't protect the rest of the devices on the network.
In my school we get attempts to brute-force into our server... this once was attempted through port 22; that is what I got in response to my request to open port 22 in my school firewall. Therefore they have refused to open 22 since that incident.
As I mentioned in my original posting, (and as several other users mentioned) many of the solutions are server-side fixes.
Which requires using software that not only can introduce security issues, but can also decrease the performance. I've used sshlp in the past; although I don't think it has any exploitable bugs, it's not as widely used as nginx and openssh itself.
Or do you think it is saner that every user repeat a process for every machine, instead of offering an alternative port for those countless users that can't (as I mentioned earlier) open 22?
I firmly believe that restricting access to SSH, port 22 only, is something that will greatly hinder wide adoption. At the very least, it will prevent myself from uploading/updating my several AUR packages.
Instead of requiring others to solve your problem, you should explain to your network administrators that this rule is counterproductive. I don't really think that this will hinder adoption since port 22 is the default ssh port.
Well, bureaucracy and dumb admins are enough to not let you open port 22;
this world is a place full of people of all kinds, and full of dumb decisions.
Cheers,
-- *Pablo Lezaeta*