Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 13 Aug 2020 14:56:43 -0400
From:      Aryeh Friedman <aryeh.friedman@gmail.com>
To:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   OT: Dealing with a hosting company with it's head up it's rear end
Message-ID:  <CAGBxaXmg0DGSEYtWBZcbmQbqc2vZFtpHrmW68txBck0nKJak=w@mail.gmail.com>

Next in thread | Raw E-Mail | Index | Archive | Help
The hosting company for one of our clients sent the following reply to
us/them when we asked them to setup end user accounts on a dedicated
Windows Server, FreeBSD box and CentOS box (all VM's on the same physical
machine with no other VM's on the physical machine) and being told we
needed scriptable access (not web based non-scriptable) to the windows
desktop and shell accounts (including the ability to sudo) and they agreed
to provide it:

"[Insert client name here], we do not allow RDP or SSH into our datacenter.
They are the primary vehicles for ransomware and cryptolocker breaches. We
utilize a secure access portal with multi-factor authentication to ensure
you don't get breached."

I kind of understand RDP (but we have had bad luck with VNC on the same
hosting provider in the past so we prefer RDP), but SSH!?!?!?!?!    Their
idea of a "two factor" authentication is each connection will only be
allowed via a web portal and must use a one-time password sent the users
smartphone.  Not only does this make automated deploy impossible it is a
complete show stopper since our service is IoT and uses its own custom
protocol.

So how do we/the client tell the hosting company they are full of sh*t (the
client has a 3 year contract with a pay in full to break clause with them
which would be over $100k to break)

-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?CAGBxaXmg0DGSEYtWBZcbmQbqc2vZFtpHrmW68txBck0nKJak=w>