Re: Provide SSH to someone w/ dynamic IP address {Scanned}

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



How about moving sshd from 22 to another port (85?) that only you and he
would know. Then he would ssh to -p 85. Anyone ssh to -p 22 would get a
timeout.

Thought about that...but if anyone is port scanning my network they would evently find the open port and it's a matter to time.

OK, then they know you exist, but that doesn't necessarily mean they can compromise your system. I haven't figured out how to be generally invisible except to friendlies, but one can allow ingress to members of only specific groups via the /etc/ssh/sshd_config "AllowGroups" entry (or to specific users via "AllowUsers").


For example, you can create a group "frobozz" and put your friend's id in that group, then put a line in /etc/ssh/sshd_config
"AllowGroups" frobozz


Of course, you'll also want to have a line
	PermitRootLogin no

I, too, am curious how to make the port visible to only the select few, but I don't think it can be done. The best I've found is to deny entry to those undesirables who do find my (non-standard) SSH port. Is there such a magic bullet?


-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux