Page 1 of 1

Make EVE use https and ssh instead http and telnet per default

Posted: Thu Jul 20, 2017 7:20 am
by Chris929
Hi,

would it be a big issue to make eve run with https via default?
Currently you have to manually fix this (http://www.eve-ng.net/index.php/documen ... ssl-on-eve) - would be great if EVE would also participate in the https everywhere ;)
Also it would be nice if the Devices from the lab could be accessible via ssh (with username and password) - currently anyone who knows the EVE-IP and Port can access the Lab-Devices Console Port without authentication - since it would be nice to hook eve up to the internet for everywhere access this is a must have. Currently I "solve" this by using a Private IP and VPN to access my eve at home.


Regards
Chris

Re: Make EVE use https and ssh instead http and telnet per default

Posted: Thu Jul 20, 2017 8:38 am
by ecze
This will not happens...

1. HTTPS Howto is enough
2. Clear telnet is the preferred way. If security matters is critical, the correct way to use EVE is: HTTPS + HTML5 Console ( to use for remote access labs )


E.

Re: Make EVE use https and ssh instead http and telnet per default

Posted: Fri Jul 21, 2017 11:48 am
by Chris929
Hi E.
thanks for the reply.

Point 1 is acceptable, however I personally disagree on point 2.
Telnet should never be a preferred way if there is ssh.
We live in a time where security is essential and therefore should be used everywhere. Security matters is always critical.
Would it be technically possible without changing too much? If yes this should be the way to go.
If not - well - something went wrong in the first place ;)

In this case I stick with my IPsec VPN and access EVE only through IPsec.
However no one using PRO or Education will acknowledge / accept this if you want to distribute this some day - Just my 2 cents...

Regards
Chris

Re: Make EVE use https and ssh instead http and telnet per default

Posted: Fri Jul 21, 2017 1:20 pm
by ecze
You completely miss the usage of EVE-NG.

It is not a solution to provide an open acces from Internet.
The community edition is not for business and should be used for personnal usage only.

Ssh make live too complicate for users. Better option is a VPN as you said.
Currently, advanced users build themselves this security protection, but future EVE PRO or Learnig edition center could support also a bundled VPN solution.

E.

Re: Make EVE use https and ssh instead http and telnet per default

Posted: Mon Jul 24, 2017 1:16 pm
by Chris929
Great - thanks :)