What Are You Doing Right Now
-
@coliver said:
Thanks for the explanation, I assumed about half of that but you, as usual, went into far greater depth. Wouldn't having the private keys on this server be an issue? Or is it because it is so locked down and none of the other servers will accept connection coming from anywhere else that this is less of a concern?
Nothing is perfect, of course. But the theory is that if you have a single, highly secure, heavily monitored gateway it is far more secure than many less secure, less watched, less monitored systems. And keys are way more secure than passwords. And breaking into a Jump server is as hard, or possibly harder, than breaking into the individual servers. So the theory is that it manages to add tighter security overall while also improving ease of use so that people actually leverage the security. It is certainly a compromise, but far better than people putting private keys onto every desktop and laptop that they touch for the same purposes!!
Because you need only log in once and then get access as needed, using a Jump server offers a reasonable chance to implement a super tight key + passphrase system for accessing it AND it is a great opportunity to implement two factor authentication. Make people work hard to access that one box, one time. Once in, then doing their work is super easy. It's a great tradeoff between security and usability which, after decades of use, has proven to be one of the most viable compromises in making a system that makes work both easy and secure.
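The jump-host baseline argued for above (keys only, no passwords, no root logins, a second factor on top of the key) is easy to state and easy to get subtly wrong, because sshd honours the first occurrence of a keyword, not the last. The script below is an added example and not code from the thread or from any of the posters: it audits an sshd_config file against that baseline. The two configs it checks are constructed samples written to temp files; the function names, the temp file paths and the expectation that a PAM module such as google-authenticator supplies the interactive second factor are all assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a jump host's sshd_config against the baseline discussed
# above. Both configs are constructed samples; nothing here touches a live sshd.

# ssh_setting FILE KEYWORD: print the effective value of KEYWORD.
# sshd uses the FIRST occurrence of a keyword and matches it case-insensitively,
# so we stop at the first non-comment match and print nothing if it is unset.
ssh_setting() {
  awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" \
    '$1 !~ /^#/ && tolower($1) == kw { print $2; exit }' "$1"
}

# audit_jump_sshd FILE: print one FAIL line per deviation; return 0 only if clean.
audit_jump_sshd() {
  f=$1
  rc=0
  # No passwords at all: only a key (plus the second factor below) gets you in.
  [ "$(ssh_setting "$f" PasswordAuthentication)" = no ] ||
    { echo "FAIL: PasswordAuthentication should be no"; rc=1; }
  # PubkeyAuthentication defaults to yes, so only an explicit 'no' is a finding.
  case "$(ssh_setting "$f" PubkeyAuthentication)" in
    ""|yes) ;;
    *) echo "FAIL: PubkeyAuthentication should be yes"; rc=1 ;;
  esac
  # Shared root logins erase the 'who did what' trail the jump host exists to give.
  [ "$(ssh_setting "$f" PermitRootLogin)" = no ] ||
    { echo "FAIL: PermitRootLogin should be no"; rc=1; }
  # Second factor: require the key AND an interactive challenge (assumed to be a
  # PAM TOTP module). Both of these lines are needed for that to take effect.
  case "$(ssh_setting "$f" AuthenticationMethods)" in
    publickey,keyboard-interactive*) ;;
    *) echo "FAIL: AuthenticationMethods should be publickey,keyboard-interactive"; rc=1 ;;
  esac
  [ "$(ssh_setting "$f" KbdInteractiveAuthentication)" = yes ] ||
    { echo "FAIL: KbdInteractiveAuthentication should be yes"; rc=1; }
  return $rc
}

# Constructed sample 1: a typical out-of-the-box config (assumed, not from a real host).
WEAK_CFG=$(mktemp)
cat >"$WEAK_CFG" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF

# Constructed sample 2: the jump-host baseline. The trailing PasswordAuthentication
# line is deliberately wrong to show that sshd (and this audit) ignore it, because
# the first occurrence wins.
HARDENED_CFG=$(mktemp)
cat >"$HARDENED_CFG" <<'EOF'
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
PasswordAuthentication yes
EOF

echo "== weak config =="
audit_jump_sshd "$WEAK_CFG" || echo "rejected"
echo "== hardened config =="
audit_jump_sshd "$HARDENED_CFG" && echo "accepted"
```

The audit only covers the server side of the tradeoff. On the client side, coliver's worry about private keys living on the jump host is best answered by not putting them there at all: newer OpenSSH clients can hop through the gateway with `ssh -J jumphost target` (ProxyJump), so the key never leaves the laptop and nothing on the jump host can reuse it.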
-
@thanksajdotcom said:
It's a handy thing to have. I've used it in the past as a way to access my Linux servers via SSH in case I wasn't on a machine that had Pertino on it. I download PuTTY/KiTTY quick, ssh to the jump server via the hostname I set up publicly and boom, I have access to all my internal SSH-accessible devices. And since I have root as the username for all and keys set up, it's super easy.
We use it even when there is Pertino. We just access the Jump box and then other machines via Pertino on the Jump box. And in some cases, access the Jump box via Pertino too. You could easily make a Jump box that uses the Internet ONLY for patching and Pertino and all access in and out via SSH is on the Pertino network.
-
Or you can use the Jump station as a way into Pertino - access the Jump station via the Internet from anywhere but get Pertino access once logged in.
-
@scottalanmiller said:
@thanksajdotcom said:
It's a handy thing to have. I've used it in the past as a way to access my Linux servers via SSH in case I wasn't on a machine that had Pertino on it. I download PuTTY/KiTTY quick, ssh to the jump server via the hostname I set up publicly and boom, I have access to all my internal SSH-accessible devices. And since I have root as the username for all and keys set up, it's super easy.
We use it even when there is Pertino. We just access the Jump box and then other machines via Pertino on the Jump box. And in some cases, access the Jump box via Pertino too. You could easily make a Jump box that uses the Internet ONLY for patching and Pertino and all access in and out via SSH is on the Pertino network.
Yup, I've done that too.
-
@scottalanmiller I personally have always put in RD Proxies that have to be used to get to other servers. It's much easier for logging who accessed what. It's actually the only thing that saved my butt when I left my last job and they tried to say I sabotaged servers after I was no longer there.
-
Now seeing if I can find a dirt cheap laptop (or maybe a freebie on craigslist) to use. Likely will just run CentOS on it.
-
Just received the best ticket I've had in a while...
On Mar 12, 2015 @ 10:10 am, Christine wrote:
Good morning,
This message just turned up in my inbox. I don't recall ever sending a message to Matt Speller. Does this indicate that my computer has a virus?
Christine
-----Original Message-----
From: Mail Delivery System [mailto:
Sent: March-12-15 10:07 AM
To: Christine
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected]
retry timeout exceeded
-
Darn that Matt Speller.
-
What a virus sending jerk right? Geez.
-
That should be the name of the next big virus.
-
Lets hope not
-
My system is infected with Matt.Speller!!
-
Quiet afternoon here. Needed one of those.
-
Here too. Of course I bought that by working since 6am. So my "shift" is done in 20 minutes and my day is over.
-
The family leaves for Florida tomorrow afternoon. I get a week mostly alone after that.
-
Ugh, ran into one of those avid gamer types. Yeah, yeah, brag about your FPS and how much you spent on it, while everyone else knows you can't see that many. Else you'd be seeing the lights cut on & off too with the AC mains frequency (or at twice that for some types of light).
-
Actually, lights are only at 60, a lot of people can see that. Not the majority, but a lot. That's why traditional fluorescents are so often uncomfortable, the constant high speed flicker.
-
Lots of people will notice as the ballasts in them age. Another fun fact is in North America they all hum at the same pitch, I don't recall exactly but I think it's a B flat.
-
I can see lights flicker, I can also hear them, it sucks. But I can't see games at that same speed, the movement makes that unrealistic. I do know one guy who can see over 65 Hz. It really sucked for us in the pre-LCD days. We always had to buy "special" monitors that could do 85 Hz. The difference was unbelievable. One was a continuous headache and this odd, not quite there, but not quite not there flicker thing going on. The screen was unstable. That is partially why I loved non-GUI systems back in the day, the old terminals had low refresh rates but they had very high persistence screens so they were blurry rather than flickery.
Once we moved up to 85Hz the screen would be rock solid.
-
Nearly time to call it a day. And tomorrow is Friday!