sweet. *ignores wife, logs in to implement* Thanks! GG On 9/20/05, Steven Jones <Steven.Jones@xxxxxxxxx> wrote: > One port per line, eg., > > Port 49 > Port 22 > > Regards > > Steven > > -----Original Message----- > From: Greg Golin [mailto:greg.golin@xxxxxxxxx] > Sent: Wednesday, 21 September 2005 4:43 p.m. > To: Steven Jones > Subject: Re: ssh alternatives > > What would that entry look like in sshd_conf? > > Thanks. > G > > On 9/20/05, Steven Jones <Steven.Jones@xxxxxxxxx> wrote: > > You can run ssh on 2 different ports and block one interface totally > > with iptables. > > > > Regards > > > > Thing > > > > -----Original Message----- > > From: Greg Golin [mailto:greg.golin@xxxxxxxxx] > > Sent: Wednesday, 21 September 2005 4:30 p.m. > > To: General Red Hat Linux discussion list > > Subject: Re: ssh alternatives > > > > Thanks, Thing. > > > > I use AllowUsers -- thats a great directive. > > > > I wonder if its possible to run sshd on two different ports on > > separate interfaces.. > > > > GG > > > > On 9/20/05, Steven Jones <Steven.Jones@xxxxxxxxx> wrote: > > > We run ssh on a non-standard port and have no issues with > scripts.... > > > > > > Anyway options we use, > > > > > > 1) Non-standard ssh port > > > > > > 2) IPtables ruleset to limit ssh connections from known subnets or > > IPs. > > > > > > 3) Add config to sshd_config to only allow ssh connection from > certain > > > users, > > > > > > Eg., > > > > > > AllowUsers me you > > > > > > Tcpwrappers is also an option. > > > > > > We also run iptables to block on other ports eg 80, to our class B > > > > > > Regards > > > > > > Thing > > > > > > > > > -----Original Message----- > > > From: Greg Golin [mailto:greg.golin@xxxxxxxxx] > > > Sent: Wednesday, 21 September 2005 3:46 p.m. > > > To: redhat-list@xxxxxxxxxx > > > Subject: ssh alternatives > > > > > > Following a discussion on slashdot I would like to ask this list's > > > opinion on providing remote access in general and ssh vs other > > > solutions in particular. > > > > > > So here's the deal. I know most of sshd brute force attempts shall > be > > > thwarted by running the daemon on a different port. However, many > > > existing scripts -- too many to change all of them -- rely on > default > > > ssh configuration. At the same time, my devs require constant remote > > > access to the servers. > > > > > > I am currently considering disabling ssh on external interfaces and > > > installing openswan. > > > > > > What is your opinion on this issue? > > > > > > Thanks. > > > G > > > > > > -- > > > redhat-list mailing list > > > unsubscribe > mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > > > > -- > > > redhat-list mailing list > > > unsubscribe > mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list