RE: ssh alternatives

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You can run ssh on 2 different ports and block one interface totally
with iptables.

Regards

Thing

-----Original Message-----
From: Greg Golin [mailto:greg.golin@xxxxxxxxx] 
Sent: Wednesday, 21 September 2005 4:30 p.m.
To: General Red Hat Linux discussion list
Subject: Re: ssh alternatives

Thanks, Thing. 

I use AllowUsers -- thats a great directive.

I wonder if its possible to run sshd on two different ports on
separate interfaces..

GG

On 9/20/05, Steven Jones <Steven.Jones@xxxxxxxxx> wrote:
> We run ssh on a non-standard port and have no issues with scripts....
> 
> Anyway options we use,
> 
> 1) Non-standard ssh port
> 
> 2) IPtables ruleset to limit ssh connections from known subnets or
IPs.
> 
> 3) Add config to sshd_config to only allow ssh connection from certain
> users,
> 
> Eg.,
> 
> AllowUsers me you
> 
> Tcpwrappers is also an option.
> 
> We also run iptables to block on other ports eg 80, to our class B
> 
> Regards
> 
> Thing
> 
> 
> -----Original Message-----
> From: Greg Golin [mailto:greg.golin@xxxxxxxxx]
> Sent: Wednesday, 21 September 2005 3:46 p.m.
> To: redhat-list@xxxxxxxxxx
> Subject: ssh alternatives
> 
> Following a discussion on slashdot I would like to ask this list's
> opinion on providing remote access in general and ssh vs other
> solutions in particular.
> 
> So here's the deal. I know most of sshd brute force attempts shall be
> thwarted by running the daemon on a different port. However, many
> existing scripts -- too many to change all of them -- rely on default
> ssh configuration. At the same time, my devs require constant remote
> access to the servers.
> 
> I am currently considering disabling ssh on external interfaces and
> installing openswan.
> 
> What is your opinion on this issue?
> 
> Thanks.
> G
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux