Sunday, 22 March 2015

Is port forwarding inherently unsafe?



I had an argument with a person a few months ago when I proposed we forward port 12xyz to an internal SSH server.


The target server was tied down in a manner similar to the one recommended by @stribika at http://ift.tt/1AzV6N1. Specifically, no root access, public key authentication only, non-standard SSH port, high-quality ciphers, kex, and MACs.


I was arguing that the forwarded port was not inherently dangerous in itself, and that the safety was dependent on the service at the target port. I maintained my method was a perfectly safe way to gain remote access. He vehemently argued that it was not, stating that a VPN tunnel is the only safe way to achieve remote access.


Who was right?
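
The hardening points listed in the question (no root login, public key authentication only, a non-standard port, restricted ciphers, kex and MACs) can be checked mechanically on the server behind the forwarded port. The following is an added example, not part of the original post or the linked guide; the function names, the allow-lists and the sample configurations are assumptions made for illustration.

```python
# Added example, not from the post. Input is text in the format `sshd -T` prints.
ALLOWED = {  # illustrative allow-lists (assumption, not quoted from the post)
    "ciphers": {"chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"},
    "kexalgorithms": {"curve25519-sha256", "curve25519-sha256@libssh.org"},
    "macs": {"hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com"},
}
# Keyword -> value implied by "no root access, public key authentication only".
REQUIRED = {"permitrootlogin": "no", "pubkeyauthentication": "yes",
            "passwordauthentication": "no", "kbdinteractiveauthentication": "no"}

def parse(text):
    """Map lowercase keyword -> list of values, one entry per occurrence."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            cfg.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return cfg

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg, findings = parse(text), []
    for key, want in REQUIRED.items():
        got = cfg.get(key, ["<unset>"])[0]  # sshd keeps the first value it reads
        if got.lower() != want:
            findings.append(f"{key}: expected {want}, got {got}")
    if "22" in cfg.get("port", ["22"]):  # sshd listens on 22 when Port is unset
        findings.append("port: listening on the standard port 22")
    for key, allowed in ALLOWED.items():
        offered = cfg.get(key, ["<unset>"])[0].split(",")
        rejected = [alg for alg in offered if alg not in allowed]
        if rejected:
            findings.append(f"{key}: outside allow-list: {', '.join(rejected)}")
    return findings

# Constructed samples (not captured from a real host); port 2222 is arbitrary.
HARDENED = """port 2222
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
kexalgorithms curve25519-sha256
macs hmac-sha2-512-etm@openssh.com
"""
WEAK = (HARDENED.replace("passwordauthentication no", "passwordauthentication yes")
        .replace("aes256-gcm@openssh.com", "3des-cbc"))

if __name__ == "__main__":
    print(audit(HARDENED), audit(WEAK), sep="\n")
```

Older OpenSSH releases print `challengeresponseauthentication` instead of `kbdinteractiveauthentication`, so on those hosts the keyword in `REQUIRED` needs to be renamed accordingly.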




