One port per line, eg., Port 49 Port 22 Regards Steven -----Original Message----- From: Greg Golin [mailto:greg.golin@xxxxxxxxx] Sent: Wednesday, 21 September 2005 4:43 p.m. To: Steven Jones Subject: Re: ssh alternatives What would that entry look like in sshd_conf? Thanks. G On 9/20/05, Steven Jones <Steven.Jones@xxxxxxxxx> wrote: > You can run ssh on 2 different ports and block one interface totally > with iptables. > > Regards > > Thing > > -----Original Message----- > From: Greg Golin [mailto:greg.golin@xxxxxxxxx] > Sent: Wednesday, 21 September 2005 4:30 p.m. > To: General Red Hat Linux discussion list > Subject: Re: ssh alternatives > > Thanks, Thing. > > I use AllowUsers -- thats a great directive. > > I wonder if its possible to run sshd on two different ports on > separate interfaces.. > > GG > > On 9/20/05, Steven Jones <Steven.Jones@xxxxxxxxx> wrote: > > We run ssh on a non-standard port and have no issues with scripts.... > > > > Anyway options we use, > > > > 1) Non-standard ssh port > > > > 2) IPtables ruleset to limit ssh connections from known subnets or > IPs. > > > > 3) Add config to sshd_config to only allow ssh connection from certain > > users, > > > > Eg., > > > > AllowUsers me you > > > > Tcpwrappers is also an option. > > > > We also run iptables to block on other ports eg 80, to our class B > > > > Regards > > > > Thing > > > > > > -----Original Message----- > > From: Greg Golin [mailto:greg.golin@xxxxxxxxx] > > Sent: Wednesday, 21 September 2005 3:46 p.m. > > To: redhat-list@xxxxxxxxxx > > Subject: ssh alternatives > > > > Following a discussion on slashdot I would like to ask this list's > > opinion on providing remote access in general and ssh vs other > > solutions in particular. > > > > So here's the deal. I know most of sshd brute force attempts shall be > > thwarted by running the daemon on a different port. However, many > > existing scripts -- too many to change all of them -- rely on default > > ssh configuration. At the same time, my devs require constant remote > > access to the servers. > > > > I am currently considering disabling ssh on external interfaces and > > installing openswan. > > > > What is your opinion on this issue? > > > > Thanks. > > G > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
