OT: Dealing with a hosting company with it's head up it's rear end
Aryeh Friedman
aryeh.friedman at gmail.com
Thu Aug 13 18:59:08 UTC 2020
Forgot to ask how common is such idiocy? And is it becoming more common?
On Thu, Aug 13, 2020 at 2:56 PM Aryeh Friedman <aryeh.friedman at gmail.com>
wrote:
> The hosting company for one of our clients sent the following reply to
> us/them when we asked them to setup end user accounts on a dedicated
> Windows Server, FreeBSD box and CentOS box (all VM's on the same physical
> machine with no other VM's on the physical machine) and being told we
> needed scriptable access (not web based non-scriptable) to the windows
> desktop and shell accounts (including the ability to sudo) and they agreed
> to provide it:
>
> "[Insert client name here], we do not allow RDP or SSH into our
> datacenter. They are the primary vehicles for ransomware and cryptolocker
> breaches. We utilize a secure access portal with multi-factor
> authentication to ensure you don't get breached."
>
> I kind of understand RDP (but we have had bad luck with VNC on the same
> hosting provider in the past so we prefer RDP), but SSH!?!?!?!?! Their
> idea of a "two factor" authentication is each connection will only be
> allowed via a web portal and must use a one-time password sent the users
> smartphone. Not only does this make automated deploy impossible it is a
> complete show stopper since our service is IoT and uses its own custom
> protocol.
>
> So how do we/the client tell the hosting company they are full of sh*t
> (the client has a 3 year contract with a pay in full to break clause with
> them which would be over $100k to break)
>
> --
> Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
>
--
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
More information about the freebsd-questions
mailing list