8/11/03 Ssh

[admin]

We are done with the updates to the unix#.hpshere systems so we should be able to start to allow SSH tonight. I want the unix admin that has been doing these upgrades to go over the systems tonight and make sure all is as safe as we can make it.

I will have him post here if he feels it is all safe and start to approve SSH once again.

If your SSH was removed or Prohibited over the last week just rerequest it and we should be able to get it turned back on.

We have a lot of you that have requested it already as long as it has not been Prohibited you should be fine.

All pending shell access request have been processed and all but one (at reseller's request) have been approved.

Here's what we have:

The unix* servers are now all running FreeBSD 4.8-RELEASE-p3 rather than a patchwork of several versions. This version covers all known security issues.
A significant amount of third-party software has been reinstalled as a matter of upgrading and linking against recently patched libraries.
Compiler access remains available. Don't see the point in disabling it since anyone can copy a binary from an outside box.
No leaving background processes while not logged in.
Processes other than your own will not be visible.
Some other stuff that I'm forgetting but will probably annoy you...
Errors about altered ssh keys and man in the middle attacks are par for the course and you can expect to see some the first time you login.


Jailed shell environments are being considered but may not be worth the trouble.