Hi,

Any thoughts?

Can this be done with policy rather than a technical solution?

There seems to be consensus that there needs to be documentation on the
Bitfolk website explaining why keys are recommended and that everyone
with an SSH server should be using them.

However, there is, justifiably, a lot of friction over whether passwords
represent a reasonable compromise in the light of being good for business.

Given that Bitfolk is clearly aimed at "technical" users and (IIRC), the
ssh daemon is not installed by default, at least on a fresh Debian
install, would it not be reasonable to provision a new machine with Xen
console access only?

This way several problems would be solved or reduced:
+ People might be more likely to be aware of their console passwords.
+ People who want SSH will have to install it.
  I imagine that this will be a lot of people, but there is then some
  reasonable recourse when Bitfolk Best Practices are ignored and the
  customer falls foul of them.
+ People aren't *forced* to use keys but Bitfolk have more leverage
  when or if trouble occurs.
+ The console hosts can be hardened wrt incoming SSH scans without
  impacting customer activity.
+ A console server breach is still serious but can be more effectively
  contained wrt guest shell access albeit not guest availability.
  i.e. an intruder doesn't get a shell on the guest but they can
  still shut it down.
+ This seems to be aligned with Andy's desire to not be involved with
  guest operations.
+ It can be "sold" with the positive spin of a "control panel".

I'm not privy to any information regarding the security of the console
servers but it seems that a "high enough" level of security is being
maintained with the auto-generated passwords that are issued during the
provisioning process.

Regards,
@ndy
--
andyjpb(a)ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF