[33259] in North American Network Operators' Group
RE: FTP with authentication to RADIUS
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Fri Jan 5 16:15:18 2001
Message-ID: <9DC8BBAD4FF100408FC7D18D1F0922869BCE@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: 'Steve Sobol' <sjsobol@NorthShoreTechnologies.net>,
"Brian W." <bri@sonicboom.org>
Cc: Andrew Brown <atatat@atatdot.net>,
Roeland Meyer <rmeyer@mhsc.com>, joshua stein <jcs@rt.fm>,
nanog@nanog.org
Date: Fri, 5 Jan 2001 13:13:07 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
> From: Steve Sobol [mailto:sjsobol@NorthShoreTechnologies.net]
> Sent: Friday, January 05, 2001 12:35 PM
>
> "Brian W." wrote:
>
> > scp is also a possibility, its usage is a bit cryptic, but it is an
> > option..
> But it requires an active shell account on both ends.
>
> Ain't no way I'm granting shell access to anyone who doesn't
> specifically
> ask for it. Actually, I'm picky about granting it even to
> people who DO
> ask for it.
This pretty much reflects the attitudes of most of production Unix admins. I
don't do it here either. The only shell accounts, on production hosts, are
admins and I force most of them to use sudo. Very few (2) have root access
here. We've also killed telnetd and ftpd (as in; deleted, never to be used,
period). If we have a customer that needs to upload files, we write a
special applet for them and make them use a web browser.
