Administrative interface, login with SSH


Administrative interface, login with SSH

Frank Mascarell
Hi, sorry for the errors, I am using Google Translate :)

I rented a VPS on Digital Ocean, installed Django-Postgres, and everything works correctly. Now I want to increase the security of the Django administrative interface. I want the site administrators to log in using SSH, eliminating password authentication. It would be something similar to when I connect to the server with PuTTY over SSH.

There is little documentation on SSH-Django, but I found an interesting package called simplesshkey, which can associate SSH keys with a user, storing them in the Django database. I don't know whether I can achieve my goal with this package, but I don't think so.

Is there any way to do this?
Can I reconsider another, less secure way of connecting to the database as an administrator? I would not like to have a remote port open on Postgres; I would prefer that it be administered through Django.

Regards.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/e9c3552b-e751-45c5-92b2-380b40a00cd9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Administrative interface, login with SSH

Frank Mascarell
Vijay, thanks for the help, but the authentication of two factors seems quite uncomfortable, considering that an administrator can enter every day, several times a day, having to depend on a mobile device for each login.

I have to rethink the problem, perhaps by directly accessing postgres, through
SSH with a GUI for the client-user that includes a CRUD interface, although I do not have
knowledge of the software available for this. I have to investigate what other ways I can
identify myself to a Postgres database with SSH.

Greetings.


Re: Administrative interface, login with SSH

Carlos Rocha-5
Hi, I also recommend you read this



--
att.
Carlos Rocha


Re: Administrative interface, login with SSH

Vijay Khemlani
"Vijay, thanks for the help, but the authentication of two factors seems quite uncomfortable, considering that an administrator can enter every day, several times a day, having to depend on a mobile device for each login."

Session cookies last for 2 weeks by default in Django, regardless of the login method


Re: Administrative interface, login with SSH

Frank Mascarell
Thank you for your security recommendations, very interesting.
After thinking all this over, I am considering the following: if we are developing an online store where the database is on a remote host, and the store administrators must log in to it daily with full permissions (CRUD), is two-step authentication the maximum security that can be implemented for the administrative interface?
Is there no other way to do it? For example, I could write a Python program that uses the Paramiko library to connect via SSH and then runs a command that can, at the same time, call another custom program on the server, which would open a browser window with the administrative interface if authentication succeeds.
Any better ideas?


Re: Administrative interface, login with SSH

Vijay Khemlani
The maximum (reasonable) security would be to connect to a VPN and have the Django admin accept logins only from inside the VPN, but for 99% of cases that sounds unnecessary.

To open a browser inside the server itself you would need to have a full desktop environment installed on the server (XFCE, GNOME, KDE, something, assuming Linux), connect over SSH with X Server support, and send all the commands over the network to that browser, which is extremely cumbersome.

Two-step authentication is what Google, Steam, and many other high-security services use.
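
One way to enforce the VPN-only admin described in the reply above, as an added example that is not code from the thread or from Django. It assumes a VPN subnet of 10.8.0.0/24 and the admin mounted at /admin/; `AdminVPNOnly`, `is_vpn_client` and `demo_status` are hypothetical names.

```python
import ipaddress

# Assumptions (constructed for this example): the VPN assigns addresses in
# 10.8.0.0/24 and the Django admin is mounted at /admin/.
VPN_NETWORKS = [ipaddress.ip_network("10.8.0.0/24")]
ADMIN_PREFIX = "/admin/"


def is_vpn_client(remote_addr, networks=VPN_NETWORKS):
    """True if remote_addr parses as an IP inside one of the VPN networks."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # missing or malformed address: fail closed
    # Unwrap IPv4-mapped IPv6 (::ffff:10.8.0.5) seen on dual-stack sockets.
    addr = getattr(addr, "ipv4_mapped", None) or addr
    return any(addr in net for net in networks)


class AdminVPNOnly:
    """WSGI wrapper: paths under the admin prefix are served only to VPN peers."""

    def __init__(self, app, prefix=ADMIN_PREFIX, networks=VPN_NETWORKS):
        self.app, self.prefix, self.networks = app, prefix, networks

    def __call__(self, environ, start_response):
        # REMOTE_ADDR is the socket peer. X-Forwarded-For is deliberately
        # ignored because the client controls it; behind a reverse proxy,
        # REMOTE_ADDR is the proxy, so enforce this rule on the proxy instead.
        is_admin = environ.get("PATH_INFO", "").startswith(self.prefix)
        peer = environ.get("REMOTE_ADDR", "")
        if is_admin and not is_vpn_client(peer, self.networks):
            body = b"Forbidden"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def demo_status(path, remote_addr):
    """Send one constructed request through the wrapper; return the status."""
    seen = []

    def ok_app(environ, start_response):  # stand-in for the Django WSGI app
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]
    # In a project's wsgi.py: application = AdminVPNOnly(get_wsgi_application())
    AdminVPNOnly(ok_app)({"PATH_INFO": path, "REMOTE_ADDR": remote_addr},
                         lambda status, headers: seen.append(status))
    return seen[0]
```

The wrapper leaves Django's own login in place, so password or two-step authentication still applies to clients that are on the VPN.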


