Re: ssh alternatives

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



sweet. *ignores wife, logs in to implement*


Thanks!
GG

On 9/20/05, Steven Jones <Steven.Jones@xxxxxxxxx> wrote:
> One port per line, eg.,
> 
> Port 49
> Port 22
> 
> Regards
> 
> Steven
> 
> -----Original Message-----
> From: Greg Golin [mailto:greg.golin@xxxxxxxxx]
> Sent: Wednesday, 21 September 2005 4:43 p.m.
> To: Steven Jones
> Subject: Re: ssh alternatives
> 
> What would that entry look like in sshd_conf?
> 
> Thanks.
> G
> 
> On 9/20/05, Steven Jones <Steven.Jones@xxxxxxxxx> wrote:
> > You can run ssh on 2 different ports and block one interface totally
> > with iptables.
> >
> > Regards
> >
> > Thing
> >
> > -----Original Message-----
> > From: Greg Golin [mailto:greg.golin@xxxxxxxxx]
> > Sent: Wednesday, 21 September 2005 4:30 p.m.
> > To: General Red Hat Linux discussion list
> > Subject: Re: ssh alternatives
> >
> > Thanks, Thing.
> >
> > I use AllowUsers -- thats a great directive.
> >
> > I wonder if its possible to run sshd on two different ports on
> > separate interfaces..
> >
> > GG
> >
> > On 9/20/05, Steven Jones <Steven.Jones@xxxxxxxxx> wrote:
> > > We run ssh on a non-standard port and have no issues with
> scripts....
> > >
> > > Anyway options we use,
> > >
> > > 1) Non-standard ssh port
> > >
> > > 2) IPtables ruleset to limit ssh connections from known subnets or
> > IPs.
> > >
> > > 3) Add config to sshd_config to only allow ssh connection from
> certain
> > > users,
> > >
> > > Eg.,
> > >
> > > AllowUsers me you
> > >
> > > Tcpwrappers is also an option.
> > >
> > > We also run iptables to block on other ports eg 80, to our class B
> > >
> > > Regards
> > >
> > > Thing
> > >
> > >
> > > -----Original Message-----
> > > From: Greg Golin [mailto:greg.golin@xxxxxxxxx]
> > > Sent: Wednesday, 21 September 2005 3:46 p.m.
> > > To: redhat-list@xxxxxxxxxx
> > > Subject: ssh alternatives
> > >
> > > Following a discussion on slashdot I would like to ask this list's
> > > opinion on providing remote access in general and ssh vs other
> > > solutions in particular.
> > >
> > > So here's the deal. I know most of sshd brute force attempts shall
> be
> > > thwarted by running the daemon on a different port. However, many
> > > existing scripts -- too many to change all of them -- rely on
> default
> > > ssh configuration. At the same time, my devs require constant remote
> > > access to the servers.
> > >
> > > I am currently considering disabling ssh on external interfaces and
> > > installing openswan.
> > >
> > > What is your opinion on this issue?
> > >
> > > Thanks.
> > > G
> > >
> > > --
> > > redhat-list mailing list
> > > unsubscribe
> mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> > >
> > > --
> > > redhat-list mailing list
> > > unsubscribe
> mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> >
> 
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux