ssh vs vpn and corporate policies
What is it about unix geeks with ssh access that scares corporate policy makers so badly?
I work from home sometimes.. it's easier than dragging myself into the office on the weekend to fix some bug I'd like to have fixed by Monday.. Since I'm a unix user (home and work) I prefer, very much so, to use ssh instead of VPN.. but in order to test my code I need to be able to hit a webserver.. so of course the solution is tunneling ports via ssh..
Well, no, apparently I cannot do that.. because that's a "security hole". This is so sad it's not even funny.. Anyone with an vpn account can do all kinds of nasty things on the network but knowledgeable people (there's maybe three of us) trying to work using ssh are denied the most basic of tools.
*fuming mad*
This was working the other day.. once again it got turned off.. (not the first time this happened).. not just turned off.. my session killed in the middle of working!
Edit: I should clarify, it wasn't my ssh access that was shut off - just port tunneling was disabled on our ssh box.
Comments
I'm the Firewall guy. I allow SSH access to one machine. Our Unix Admins use it. Our biggest security hole is the fact that we allow pople to access the VPN from their personal PCs. You would have to be an ignoramus to believe a Windows PC connected via broadband is more secure than allowing (and logging) SSH.
Ask your IT guy to explain why allowing Windows PCs VPN access is less of threat than SSH. Tape record it. Then post it, so we can laugh at him.
Posted by: Dan Isaacs | December 8, 2002 10:18 PM
I'm with Dan. I want this on tape...
Posted by: Techie2000 | December 8, 2002 10:51 PM
Screw that, I'd ask for it in writing...
Posted by: Jeremy Zawodny | December 9, 2002 11:14 AM
How do the inept find employment while the capable starve to death hacking out crap code whilst locked in a brick basement lit by a single bare pullstring lightbulb?
I feel your pain. ;) The only remedy however is a labotomy. Only then will you truly understand the logic of an admin who trusts MS and VPN over ssh.
Posted by: andrew | December 9, 2002 11:58 AM