Per Jessen said the following on 09/10/2010 02:13 AM:
> I couldn't care less, but it's company policy only to allow external ssh access via the gateway anyway.
Indeed. A common and respectable security control. OK, no single control is all-powerful and invincible, but that is no reason to gainsay it and discard it.

The point that James keeps making is that the 'Net of today is not the 'Net of the 1970s and 1980s (BTDT) and unfettered peer-to-peer access is not required. That is why we have isolated subnets. Heck, many of my clients have subnets _within_ their premises that are behind a firewall (or even NAT'ed) to restrict access. One bank has a subnet where all the internal data services, ldap & web based directories, are behind a NAT and you need SSH+token to get there to maintain them.

Special ports? Yes, but that's all hidden in the application software, so "who cares". Not the users. It's all transparent. From the POV of the application developers it's no different to writing any other API-driven interfaces.

--
The great successful men of the world have used their imagination ... think ahead and create their mental picture in all its details, filling in here, adding a little there, altering this a bit and that a bit, but steadily building - steadily building.
-- Robert Collier