[Cnqo] External ssh access to Wildebeest
Timothy Briggs
timothy.briggs at strath.ac.uk
Fri Dec 6 16:34:11 GMT 2024
Hello,
IT Services are reviewing open SSH access to servers. As in, "why are these setup this way and can we remove access?"
If you can, please provide a rationale for the service continuing.
My initial explanation for needing Wildebeest ssh access:
"The research group who use wildebeest use it to move data from other locations, and from Archer."
The question in reply:
"Can the server not pull the data from the remote sites - ie initiate the connection at our end, thus removing the need to expose a ssh server externally?
If they are connecting from specific external hosts, can we limit that on the front door firewall config (as we do for several other similar services)"
I think restricting access to a set of IPs is a possibility. Or can you use a VPN connection first and then access the external data?
Thanks,
Timothy
Timothy Briggs
Research and Teaching Support
Department of Physics, University of Strathclyde, John Anderson Building, 107 Rottenrow, Glasgow G4 0NG
Tel: 0141 548 3376 Email: timothy.briggs at strath.ac.uk<mailto:timothy.briggs at strath.ac.uk>
The University of Strathclyde is a charitable body, registered in Scotland, number SC015263
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://phys.strath.ac.uk/pipermail/cnqo/attachments/20241206/5fd03382/attachment.htm>
More information about the Cnqo
mailing list