2015-06-15 16:33 GMT-03:00 Giancarlo Razzolini <grazzol...@gmail.com>:
> On 15-06-2015 16:26, Tom Swartz wrote:
>
>> With all due respect, requiring that a user punch holes in their security
>> firewalls is not a proper or long term solution to the issue at hand.
>>
>
> It is the only solution.

It is not the only one, as pointed out in this thread. Also, have you not considered the idea that bureaucracy for something as simple as opening a port could take months if not years, or even countless failed attempts?

>
>> For home users, this might be a valid (although no less sane) solution,
>> but
>> in corporate networks where the firewall rules are crafted for a reason
>> (e.g. to protect the rest of the devices on the network).
>>
>
> A rule that denies outgoing SSH access is a dumb one. It doesn't protect
> the rest of the devices on the network.
>

In my school we get attempts to brute-force into our server... this was once attempted through port 22; that is what I got in response to my request to open port 22 in my school firewall. Therefore they have refused to open 22 since that incident.

>
>> As I mentioned in my original posting, (and as several other users
>> mentioned) many of the solutions are server-side fixes.
>>
>
> Which requires using software that, not only can introduce security
> issues, can decrease the performance. I've used sshlp in the past, although
> I don't think it has any exploitable bugs, it's not as widely used as nginx
> and openssh itself.
>

Or do you think it is saner that every user repeats a process for every machine, instead of offering an alternative port for those countless users that can't (as I mentioned earlier) open 22?

>
>> I firmly believe that restricting access to SSH, port 22 only, is
>> something
>> that will greatly hinder wide adoption.
>> At the very least, it will prevent myself from uploading/updating my
>> several AUR packages.
>>
>
> Instead of requiring others to solve your problem, you should explain to
> your network administrators that this rule is counterproductive. I don't
> really think that this will hinder adoption since port 22 is the default
> ssh port.
>
>

Well, bureaucracy and dumb admins are enough to not let you open port 22; this world is a place full of people of all kinds, and full of dumb decisions.

> Cheers,
>

--
*Pablo Lezaeta*