quoth the Chris Brenton:
>
> A VPN is probably overkill as SSH is already a VPN (strong built in
> authentication and encryption. Heck, I'll take Blowfish over 3DES or AES
> for privacy any day of the week :). Two other options come to mind:
>
> 1) Bind SSH to a non-standard port
> Yes someone doing a full port scan can still find it, blah, blah, blah.
> I've been running this for years and have yet to receive a single
> non-authorized connect to the port that has actually performed an SSH
> handshake.
>
> 2) Set up port knocking
> http://www.linuxjournal.com/article.php?sid=6811
> I know a few people that have set this up with great success. Sure it's
> vulnerable to replay, but since we're talking SSH that's not really a
> problem. Great way to expose ports to only certain users.
>
> So with either option you still want to use public/private keys or
> strong passwords with SSH. They are designed to simply mask the service
> from all the SSH scanning that's running around the Internet.
>
> HTH,
> Chris

Port knocking is some serious black magic. This is very interesting, and
seems to be ideal for me, because I only need this access for short periods
(1-2 weeks) a couple times a year.

Thanks very much for the tip,
-d
--
Part of the problem since 1976
http://badcomputer.no-ip.com
Get my public key from
http://keyserver.linux.it/pks/lookup?op=index&search=bulliver
"...the number of UNIX installations has grown to 10, with more
expected..."
- Dennis Ritchie and Ken Thompson, June 1972
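
How the port-knocking option in the quoted message behaves, as an added example that is not part of the original e-mail or of the linked article's implementation: a toy tracker run over constructed firewall events. The knock ports, the 10-second window and the reset-on-wrong-port rule are assumptions.

```python
"""Toy port-knock tracker run over constructed firewall-log events."""

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret sequence (constructed)
WINDOW_SECONDS = 10                  # assumed: full sequence must fit in this window


class KnockTracker:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence = sequence
        self.window = window
        self.progress = {}    # src ip -> (index of next expected port, time of first knock)
        self.allowed = set()  # sources for which the SSH port would be opened

    def observe(self, ts, src, dport):
        """Feed one dropped-SYN event; return True when src completes the sequence."""
        idx, start = self.progress.get(src, (0, ts))
        if idx and ts - start > self.window:
            idx, start = 0, ts                      # too slow: start over
        if dport == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):
                self.progress.pop(src, None)
                self.allowed.add(src)
                return True
            self.progress[src] = (idx, start)
        elif dport == self.sequence[0]:
            self.progress[src] = (1, ts)            # wrong port that restarts the sequence
        else:
            self.progress.pop(src, None)            # any other port resets progress
        return False


def run(events):
    """Replay a list of (seconds, source IP, destination port) events."""
    tracker = KnockTracker()
    for ts, src, dport in events:
        tracker.observe(ts, src, dport)
    return tracker.allowed


# Constructed events: (seconds, source IP, destination port)
EVENTS = [
    (0, "198.51.100.7", 7000), (1, "198.51.100.7", 8000), (2, "198.51.100.7", 9000),  # owner
    *[(3 + i * 0.01, "203.0.113.9", p) for i, p in enumerate(range(6990, 9010))],      # port sweep
    (40, "192.0.2.50", 7000), (41, "192.0.2.50", 8000), (42, "192.0.2.50", 9000),      # replayed knock
    (50, "192.0.2.77", 7000), (55, "192.0.2.77", 8000), (70, "192.0.2.77", 9000),      # too slow
]

if __name__ == "__main__":
    print(sorted(run(EVENTS)))
```

The sequential sweep never opens the port, but the same knock replayed from a different address does, so the knock only hides the service and SSH keys or strong passwords remain the actual access control.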