quoth the Jason Opperisano: > > What I would like to know is > > could I use this rule to allow ssh connections ONLY from my notebook no > > matter what its current IP address happens to be, and drop all other > > connection requests? > > yes--as long as "notebook" and "ssh server" are on the same network. I guess that won't look for what I want then, perhaps I can explain better: I already have ssh access for the notebook from the private interface of the server inside the LAN. The server accepts incoming www and smtp connections on the public interface, everything else is dropped. What I would like is ssh access from the public side, ie, the internet. This is so I could check my mail and update my website if I was on the road, from say, web cafe's or somesuch where the IP address would change frequently. > keep in mind--nothing prevents "badguy" from configuring his NIC to have > the same MAC as your "notebook" Good advice, and point taken. > if you're worried about security of "ssh server"--disable > PasswordAuthentication and only allow RSAAuthentication and/or > PubkeyAuthentication. I will look into this. I assume however that I would need to keep port 23 open for everyone on the public side for this to work. I was hoping to drop the packets from everyone except my notebook, hence the original question. Is there no way to do this? Thanks Jason and Frank for taking the time to answer my questions, -d -- Part of the problem since 1976 http://badcomputer.no-ip.com Get my public key from http://keyserver.linux.it/pks/lookup?op=index&search=bulliver "...the number of UNIX installations has grown to 10, with more expected..." - Dennis Ritchie and Ken Thompson, June 1972
Attachment:
pgpdUJ1ZYOS8T.pgp
Description: PGP signature