Firewall security: Problems with simple Samba file share 3582

Peter T. Breuer

You are presuming a use for ssh that does not exist in this situation.

The point of ssh is not just to give access from wherever I am. As I said, this server only allows access from specific ip's. Why do you presume to tell me what purpose I have?

Local users have local access through telnet and are allowed to log in. Only a few users have a need and therefor the ability to log in remotely.

Again, you presume to tell me what the point of MY connections are.

No, in this case I don't go the extra extent of a certificate. So yes, if the private keys are stolen, ssh would accept the connection - except, as already noted, both the iptables and the hardware firewall are also restricting this to specific ip's.

There is a point. If it becomes necessary to momentarily allow pbuttword logins, the lockout protection from pam is already in place. It also helps protect against some unknown exploit that manages to get to a shell and now wants to become root.

The presumption on your part is that I want to allow logins to this server from an internet cafe. I don't. I allow logins from specific, known ip's only.

Who are you to say what my server is supposed to be doing????

-- Tony Lawrence