We run ssh on a non-standard port and have no issues with scripts.... Anyway options we use, 1) Non-standard ssh port 2) IPtables ruleset to limit ssh connections from known subnets or IPs. 3) Add config to sshd_config to only allow ssh connection from certain users, Eg., AllowUsers me you Tcpwrappers is also an option. We also run iptables to block on other ports eg 80, to our class B Regards Thing -----Original Message----- From: Greg Golin [mailto:greg.golin@xxxxxxxxx] Sent: Wednesday, 21 September 2005 3:46 p.m. To: redhat-list@xxxxxxxxxx Subject: ssh alternatives Following a discussion on slashdot I would like to ask this list's opinion on providing remote access in general and ssh vs other solutions in particular. So here's the deal. I know most of sshd brute force attempts shall be thwarted by running the daemon on a different port. However, many existing scripts -- too many to change all of them -- rely on default ssh configuration. At the same time, my devs require constant remote access to the servers. I am currently considering disabling ssh on external interfaces and installing openswan. What is your opinion on this issue? Thanks. G -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
