Re: Provide SSH to someone w/ dynamic IP address {Scanned}

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 4 Sep 2004 12:42:54 +0200, Volker Kindermann wrote
> Hi,
> 
> > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far the 
range
> > of ip addresses he is getting is so large, it will defeat the purpose to
> > blocking ssh because I would have to open up to so many ranges. Is there 
any
> > solution?
> 
> it might be necessary to open port 22 for all ip-addresses.
> 
> To lock it down, you may want to put the allowed ssh-users in a 
> group (say ssh-users) and add "AllowGroups ssh-users" to your sshd_config.
> 
> Additionally you may want to disable password-login and allow only 
> key-based login.
> 
> So your ssh should be sufficiently save.

I understand his concern. SSH has had its problems in the past. I just had to 
recover totally an old system for someone that had not kept up with updates 
and got zapped with a ssh exploit.


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux