[Bio-linux-dev] Security

Tim Booth tbooth at ceh.ac.uk
Fri Sep 12 10:54:20 EDT 2014


Hi Tony,

I have never known fail2ban do anything other than lock out legitimate
users and generally be a massive PITA.  We had something very similar
way way back on Bio-Linux 2.1 and we got rid of it sharpish.

My preferred option to increase SSH security would be to disable
password logins and then make it really really easy (ie. click an icon
and follow simple instructions) to generate a public key.  The switch to
x2go makes this possible as it fully supports key based logins.

I'd be interested to hear opinions from others on this list.  What do
you think?

TIM

On Fri, 2014-09-12 at 13:23 +0100, Tony Travis wrote:
> On 12/09/14 13:03, Tim Booth wrote:
> > Hi Tony,
> >
> > For some reason I thought this was an install-time option.  Maybe it was
> > in the past or maybe my memory is failing (not for the first time).
> >
> > So yes, it is basically inherited from Ubuntu.  But I'm not convinced it
> > is insecure for most users, and certainly if users do want to let their
> > guests on the machine it is more secure than the traditional "here's my
> > password on a post-it note" approach, so I'd be reluctant to remove it
> > without an obvious way to put it back or knowing some specific threat
> > that it exposes.  My impression is that only users at the local console
> > can get a guest session, so for servers locked in the server room it
> > should be a moot point?
> 
> Hi, Tim.
> 
> The machine in question was accessed as "guest" from the console in an
> unsupervised area (PhD office). However, this machine is also used as a
> terminal server. On the question of security, I think it would be wise
> to pre-install "fail2ban" for people who enable the SSH server. I think
> the Bio-Linux as a terminal server use-case needs to address security.
> 
> Bye,
> 
>   Tony.
> 
> --
> Dr. A.J.Travis, University of Aberdeen, Institute of Biological and
> Environmental Sciences, Cruickshank Building, St. Machar Drive, Aberdeen
> AB24 3UU, Scotland, UK. tel +44(0)1224 272700, fax +44 (0)1224 272 396
> http://www.abdn.ac.uk, mailto:tony.travis at abdn.ac.uk, skype:ajtravis
> 
> 
> The University of Aberdeen is a charity registered in Scotland, No SC013683.
> Tha Oilthigh Obar Dheathain na charthannas clàraichte ann an Alba, Àir. SC013683.

-- 
Tim Booth <tbooth at ceh.ac.uk>
NERC Environmental Bioinformatics Centre 

Centre for Ecology and Hydrology
Maclean Bldg, Benson Lane
Crowmarsh Gifford
Wallingford, England
OX10 8BB 

http://nebc.nerc.ac.uk
+44 1491 69 2705
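
A check for the "disable password logins" option discussed in this thread: sshd keeps the first value it reads for each keyword, so a "PasswordAuthentication no" appended below an earlier "yes" changes nothing. This is an added example, not part of the original messages; the function names and sample configs are constructed, and only the global section of a config read on stdin is audited (`sshd -T` prints what an installed server actually uses).

```shell
#!/bin/sh
# Constructed sample: "no" was appended after an existing "yes".
sample_appended() { cat <<'EOF'
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
PasswordAuthentication no
EOF
}
# Constructed sample: password-style logins off, keys on.
sample_hardened() { cat <<'EOF'
# key-only logins
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
EOF
}

# Reads sshd_config text on stdin; prints "key-only" or one line per finding.
audit_sshd_config() {
    awk '
    BEGIN {   # OpenSSH defaults when a keyword is absent
        val["passwordauthentication"] = "yes"
        val["kbdinteractiveauthentication"] = "yes"
        val["pubkeyauthentication"] = "yes"
    }
    {
        sub(/#.*/, "")            # drop comments
        sub(/=/, " ")             # accept the Keyword=value form
        if (NF < 2) next
        key = tolower($1); v = tolower($2)
        if (key == "match") exit  # Match blocks are out of scope here
        # Older name for the same setting
        if (key == "challengeresponseauthentication")
            key = "kbdinteractiveauthentication"
        # First value wins; later lines for the same keyword are ignored
        if ((key in val) && !(key in seen)) { val[key] = v; seen[key] = 1 }
    }
    END {
        if (val["passwordauthentication"] != "no") { print "PasswordAuthentication is not disabled"; bad = 1 }
        if (val["kbdinteractiveauthentication"] != "no") { print "keyboard-interactive logins are not disabled"; bad = 1 }
        if (val["pubkeyauthentication"] != "yes") { print "PubkeyAuthentication is off, key logins would fail"; bad = 1 }
        if (!bad) print "key-only"
    }'
}

sample_appended | audit_sshd_config
sample_hardened | audit_sshd_config
```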


