On Thu, Apr 18, 2013 at 8:14 AM, SilverTip257 <silvertip257 at gmail.com> wrote: > But at the same time it's not prudent to allow anyone access to a service > (host/port/page/whatever) when they have no need to. > > Perfect example being people who let SSH open to the world on production > boxes and do little to nothing to protect it. How do you handle the ACL when multiple users need the ssh access? Use case scenario, I have setup CentOS based LAMP servers (as an admin) and pay extra for static IPs to assure my clients that I access their servers from specific IPs only. However, the web developers who keep making changes (per client request) need sftp access to the boxen; their respective ISP service, provide only dynamic IPs (or charge extra which the freelancer will not pay for) At the moment, I have had to leave it open with fail2ban monitoring the ssh port. -- Arun Khan Sent from my non-iphone/non-android device