I had the same problem. In the end, I determined that my user base only gets remote access in from several ISPs, so I allow those ISP in through /etc/hosts.allow. I still keep an eye on the ssh logs for any attempts through those ISPs but it happens rarely, plus we enforce strong passwords here as well. Our organization is employing VPN access to those who need it so in the near future our users will have to VPN into the organization, then ssh to the machines they need access to. I've been testing it and it works well, but concerned about the process of getting a VPN account. Ryan -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Greg Golin Sent: Tuesday, September 20, 2005 11:46 PM To: redhat-list@xxxxxxxxxx Subject: ssh alternatives Following a discussion on slashdot I would like to ask this list's opinion on providing remote access in general and ssh vs other solutions in particular. So here's the deal. I know most of sshd brute force attempts shall be thwarted by running the daemon on a different port. However, many existing scripts -- too many to change all of them -- rely on default ssh configuration. At the same time, my devs require constant remote access to the servers. I am currently considering disabling ssh on external interfaces and installing openswan. What is your opinion on this issue? Thanks. G -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
