You can run ssh on 2 different ports and block one interface totally with iptables. Regards Thing -----Original Message----- From: Greg Golin [mailto:greg.golin@xxxxxxxxx] Sent: Wednesday, 21 September 2005 4:30 p.m. To: General Red Hat Linux discussion list Subject: Re: ssh alternatives Thanks, Thing. I use AllowUsers -- thats a great directive. I wonder if its possible to run sshd on two different ports on separate interfaces.. GG On 9/20/05, Steven Jones <Steven.Jones@xxxxxxxxx> wrote: > We run ssh on a non-standard port and have no issues with scripts.... > > Anyway options we use, > > 1) Non-standard ssh port > > 2) IPtables ruleset to limit ssh connections from known subnets or IPs. > > 3) Add config to sshd_config to only allow ssh connection from certain > users, > > Eg., > > AllowUsers me you > > Tcpwrappers is also an option. > > We also run iptables to block on other ports eg 80, to our class B > > Regards > > Thing > > > -----Original Message----- > From: Greg Golin [mailto:greg.golin@xxxxxxxxx] > Sent: Wednesday, 21 September 2005 3:46 p.m. > To: redhat-list@xxxxxxxxxx > Subject: ssh alternatives > > Following a discussion on slashdot I would like to ask this list's > opinion on providing remote access in general and ssh vs other > solutions in particular. > > So here's the deal. I know most of sshd brute force attempts shall be > thwarted by running the daemon on a different port. However, many > existing scripts -- too many to change all of them -- rely on default > ssh configuration. At the same time, my devs require constant remote > access to the servers. > > I am currently considering disabling ssh on external interfaces and > installing openswan. > > What is your opinion on this issue? > > Thanks. > G > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
