20090306 Meeting Sysadms



Before summer, says Mendel:

  1. hop has to be moved
  2. separate the crit / non-crit systems
  3. move webserver behind firewall
  4. password cleanup
    • SSH keys for user account access (via hop)
    • on crit server, local user passwords for sudo only
    • disallow password login for remote users (SSH)
    • root password only for console access
    • agent forwarding / tunnelling on hop only (otherwise hop has to be critical machine)
    • (this part into SM Wytze)



Advisory/SysadmMinutes20090306 (last edited 2011-04-30 10:13:21 by UlrichSchroeter)