On Sat, 2008-08-30 at 09:59 +0100, Frank Murphy wrote: > I mean only allow ssh access from those two scenarios, > my laptop + an F9 usb-stick. > > because there are attempts by "fluffy" and other(s) to access the box. Well, if your own computers are from fixed IPs, you can set those into a list of IPs allowed to connect. However, that doesn't stop someone else who's able to get the same IP from trying. Good passwords, and only using the newer SSH2 protocol, makes it damn hard for anyone else to get in. They can try, and that's about it. Something like fail2ban will automatically firewall off someone who tries and fails, so they don't get to try again. There's a few of those sort of things, which will auto-blacklist addresses for a while. It could be a permanent blacklist, but you'd only want to do that if there was no chance of accidentally locking yourself out. Look into finding and using fail2ban. I think that's your best way to handle it. -- [tim@localhost ~]$ uname -r 2.6.25.14-108.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
