Forum Stats

  • 3,770,215 Users
  • 2,253,082 Discussions
  • 7,875,368 Comments

Discussions

DDNS: Is there a way to setup separate passphrases for each host?

gladiola
gladiola Member Posts: 2
edited Mar 10, 2020 12:54PM in Dyn Community

Is there a way to setup separate passphrases for each host?  When I use ddclient, as outlined here:  https://help.dyn.com/ddclient/ , it seems as though the only way for each host to check in is with the same username and password.  I notice that those same values control access to the web portal at Dyn.  This seems like a security flaw.  Is there a way to get a separate passphrase for each host on the account?  If so, how is this done?

Thanks in advance.

RotBlitz

Answers

  • RotBlitz
    RotBlitz Member Posts: 149 Red Ribbon
    edited Mar 10, 2020 12:25PM

    With DynDNS Pro there is no way to have a separate password for each host, but you can use the Client Updater Key instead of the account password for DDNS updates.

    In case you want to offer such hostnames to your customers, then this is the wrong unintended purpose for this service.  This is not recommended.  The service is for own use only, and therefore your security concerns do not really apply.

  • gladiola
    gladiola Member Posts: 2
    edited Mar 10, 2020 12:44PM

    If a host running an updater client were compromised, and the username and password for the account was stored on that host, then how would a customer's account be protected from abuse?

  • RotBlitz
    RotBlitz Member Posts: 149 Red Ribbon
    edited Mar 10, 2020 12:52PM

    Neither does a host run an updater client, nor are credentials stored on a host.  How are customer accounts been protected from abuse?  They are protected by your credentials, and it is up to you how strong your credentials are.  If something is compromised, then your credentials were too weak.

    Why do you ask such questions?  What is your scenario which is so insecure and weak?

  • Michael.R.Taylor-Oracle
    Michael.R.Taylor-Oracle Posts: 255 Employee
    edited Mar 10, 2020 12:54PM

    As Rot had shared, Remote Access services were intended for personal use, not businesses who support clients. As such they do not allow for multiple user log ins. You can choose to generate an updater key which would be used in place of the password for the account, however if you generate a key all devices associated with the account will require you to reenter the newly generated key.

    The alternate is to create a unique user account for your client and purchase a service pack to be used on only their devices.

    Mike

    Oracle + Dyn

    RotBlitz