Date: Thu, 13 Aug 2020 15:06:57 -0400 From: Aryeh Friedman <aryeh.friedman@gmail.com> To: "Jack L." <xxjack12xx@gmail.com> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end Message-ID: <CAGBxaX=CXbZq-k6=udNaXTj2m%2BgnpDCB%2Bui4wgvtrzyHhjGeSw@mail.gmail.com> In-Reply-To: <CALeGphwfr7j-xgSwMdiXeVxUPOP-Wb8WFs95tT_%2Ba8jig_Skxw@mail.gmail.com> References: <CAGBxaXmg0DGSEYtWBZcbmQbqc2vZFtpHrmW68txBck0nKJak=w@mail.gmail.com> <CAGBxaX=XbbFLyZm5-BO=6jCCrU%2BV%2BjubxAkTMYKnZZZq=XK50A@mail.gmail.com> <CALeGphwfr7j-xgSwMdiXeVxUPOP-Wb8WFs95tT_%2Ba8jig_Skxw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 13, 2020 at 3:04 PM Jack L. <xxjack12xx@gmail.com> wrote: > Just change the ssh/rdp ports? > > All ports except 80 and 25 are firewalled > On Thu, Aug 13, 2020 at 11:59 AM Aryeh Friedman > <aryeh.friedman@gmail.com> wrote: > > > > Forgot to ask how common is such idiocy? And is it becoming more common? > > > > On Thu, Aug 13, 2020 at 2:56 PM Aryeh Friedman <aryeh.friedman@gmail.com > > > > wrote: > > > > > The hosting company for one of our clients sent the following reply to > > > us/them when we asked them to setup end user accounts on a dedicated > > > Windows Server, FreeBSD box and CentOS box (all VM's on the same > physical > > > machine with no other VM's on the physical machine) and being told we > > > needed scriptable access (not web based non-scriptable) to the windows > > > desktop and shell accounts (including the ability to sudo) and they > agreed > > > to provide it: > > > > > > "[Insert client name here], we do not allow RDP or SSH into our > > > datacenter. They are the primary vehicles for ransomware and > cryptolocker > > > breaches. We utilize a secure access portal with multi-factor > > > authentication to ensure you don't get breached." > > > > > > I kind of understand RDP (but we have had bad luck with VNC on the same > > > hosting provider in the past so we prefer RDP), but SSH!?!?!?!?! > Their > > > idea of a "two factor" authentication is each connection will only be > > > allowed via a web portal and must use a one-time password sent the > users > > > smartphone. Not only does this make automated deploy impossible it is > a > > > complete show stopper since our service is IoT and uses its own custom > > > protocol. > > > > > > So how do we/the client tell the hosting company they are full of sh*t > > > (the client has a 3 year contract with a pay in full to break clause > with > > > them which would be over $100k to break) > > > > > > -- > > > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org > > > > > > > > > -- > > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGBxaX=CXbZq-k6=udNaXTj2m%2BgnpDCB%2Bui4wgvtrzyHhjGeSw>