14 Mar
2010
14 Mar
'10
11:13 a.m.
Hi Alex,
On Sun, Mar 14, 2010 at 11:01:00AM +0000, Alex Harrington wrote:
Would it be too much administrative overhead for you
to have two levels of vps images.
One would be fairly locked down, maybe with ssh on a different port, fail2ban and a basic
firewall pre installed.
The second would be the image you currently provide with ssh locked to key authentication
only.
If people want a vps provisioned with a password they get the first image. Users who
provision with a key can choose either image.
Provisioning *should* of course just be an automated web affair (and
despite appearances, I *have* been making progress towards that and
it *will* happen).
Once that happens then it should be easy to offer variations upon
the standard image, with tweaks like this built in.
It's just that I'm not convinced that the average customer will
know/care what the point of all that is. I can try to educate, I can
alter defaults and provide opt-outs, but I have seen limited success
with that sort of thing before.
At the very least the default image would still have to have an
effective defence against ssh scanning in it, such as
DenyHosts/Fail2Ban.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting