In the wise words of Philippe Libat:

> Jay Beale wrote:
> > 
> > I'm currently looking at the firewall design and am a little curious:
> 
> great.
> 
> >   How many of you are ssh-ing into the firewall box?
> Many admin users are using the ssh remote connection instead of telnet.
> It's more secure, isn't it? :=)

HEee heee.  Yes.  :)

But I was under the impression that the system was intended to only be 
administered through the web interface.  Given the internals of the 
configuration system, someone trying to configure through file edits AND 
through the web interface would quite possibly find their changes not taking
effect, or at least interfering with each other.

The other reason it would be helpful is that if someone will only be 
administering the system via the web interface, we can lock down the rest 
even more tightly...

> >   If you are, why? Just to look around or do you prefer to admin the box
> >   via shell-access?
> 
> Sorry, I don't understand the question?
> To look around what? It's not a game, or a trip.
> Are you connecting to your Cisco or 3COM gateway just to look around?

No, that's my whole point.  I'm not connecting to my Cisco or 3COM gateway 
at all.  I've turned the telnet option off on my Cisco.  I administer the 
Cisco router through a dedicated serial interface, or at least through a
dedicated interface...

> Of course, we are using remote connection, if your web session was
> closed, or if you want to do some admin tasks not included in the
> web tool, you can do it with a remote connection.

Yes, this is the part I worry about.  Why not remove the ssh capability, 
or restrict it to one interface? We can try to encourage people to use 
the web interface, right? 

  - Jay
