On Fri, Mar 21, 2003 at 01:41:22AM -0500, Joel Newkirk wrote: > On Thursday 20 March 2003 06:23 pm, Mark Seamans wrote: > > I wish to protect the box itself, while it preforms it's duties as a > > Router allowing only ssh from the ip's that I wish for management. > > This way I can also setup rules to protect it form DOS attacks etc... > > > > So any suggestions would be great. > > > Another approach might be to have only one or two IPs from which you > allow SSH connections. Then if you need to connect from a remote I've seen the argument made that ssh should be configured only to authenticate with rsa keys. (PasswordAuthentication no) It makes it impossible for someone to try guessing passwords. Whether or not you can keep your key secure is another matter. Also, running ssh on another port, say port 25 or 80 will help you evade some of the automated scanning tools. Kelly -- Kelly Setzer, System Administrator/Architect - Placemark Investments 14180 Dallas Pkwy, Suite 200, Dallas, TX 75240 kelly.setzer@xxxxxxxxxxxxx http://www.placemark.com (972)404-8100x41 (work) (214) 287-3464 (cell)
