Hi,
I have EVE-NG server I would like to access outside of my LAN, so I have configured port forwarding on my home router for ssh, http and the ports for the reverse telnet to the consoles of the devices. I have secured the access a bit (public-key only ssh, strong EVE-NG passwd etc...) however the console access to the virtual devices is completely exposed. Even if I put username/password for the console, once I login anybody can telnet to the public IP and port and they will get access to my console session, see anything I type and even get control at any time...
I know there are many solutions to prevent this outside of EVE-NG (use VPN, use pass-trough FW authentication etc, but is there something that can be done from within EVE-NG to secure these sessions like some kind of authentication, white list or at least limit the sessions to the destination ports for the console access to one?
Regards,
Secure the access to the lab devices
Moderator: mike
-
- Posts: 5081
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Secure the access to the lab devices
Best solution will be use html access to consoles..if you dont trust your connected clients.
or EVE-PRO has better solution html desktop console.
Or VPN access where you root is locked, and user can simply access to your nodes over telnet. I used such with simple ASA, where VPN client can access only to EVE IP with bunch of ports for telnet. But no access port 22 to eve root.
Simple rules.
Or if to dig deeper, Ubuntu FW rules and tables then...
https://www.digitalocean.com/community/ ... untu-16-04
UD
or EVE-PRO has better solution html desktop console.
Or VPN access where you root is locked, and user can simply access to your nodes over telnet. I used such with simple ASA, where VPN client can access only to EVE IP with bunch of ports for telnet. But no access port 22 to eve root.
Simple rules.
Or if to dig deeper, Ubuntu FW rules and tables then...
https://www.digitalocean.com/community/ ... untu-16-04
UD
-
- Posts: 1
- Joined: Thu Jul 26, 2018 6:53 pm
Re: Secure the access to the lab devices
The users basically students and the employees have to use a lab device. They should aware about their security in case saving any personal data. You may get any other details from gmail support that definitely helpful to you.