Security Basics mailing list archives
RE: ssh login protection
From: LordInfidel <LordInfidel () Directionweb com>
Date: Wed, 3 Dec 2003 17:10:19 -0500
Amongst some of the other suggestions that have been brought up.

Install and configure FreeS/Wan to accept road-warrior connections. Once you're connected to it over the VPN and get a pvt IP address from the box, you can easily ssh into the box over the VPN.

As long as you put in your hosts.allow file the IP of the pvt address, you will be good to go. Then you do not have to rely on third parties for your connections or potential key compromises.

JMO

LordInfidel

-----Original Message-----
From: Edmund [mailto:cc () belfordhk com]
Sent: Monday, December 01, 2003 10:17 PM
To: security-basics () securityfocus com
Subject: ssh login protection

Hi,

I was wondering if someone could clarify something for me.

I often ssh into two mail servers from dialup (thus dynamic IP) at home. Right now, I specify which IPs can ssh into the two machines, but for dynamic IPs, I can't do that unless I go crazy and allow xx.xx.xx.xx/16, which is not very secure.

But due to the importance of me needing to ssh to the servers, I've been 'slacking' off the security and allowing a certain range of IPs (those that I'm certain are from my ISP at home).

Can someone tell me if this is the appropriate way? Or do I allow any IPs from sshing?

The reason why I'm asking is that I'll be taking a holiday and believe I'll also need to ssh to the mail servers. I don't know the IPs ahead of time since where I'll be staying, it'll also be dynamically assigned.

Is there a solution to this problem? I don't want to open the servers to attacks from any SSH-related issues that crackers would take advantage of.

Any help appreciated
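An added example, not part of either message above: a simplified IPv4-only evaluator for TCP Wrappers rules that compares the /16 allowance described in the question with the single VPN-assigned address suggested in the reply. The addresses, file contents and function names are constructed for illustration; 10.9.8.7 stands in for the private address handed out over the VPN and 198.18.0.0/16 for the ISP's dial-up pool.

```python
import ipaddress

# Constructed hosts.allow / hosts.deny contents (assumptions, not from the thread).
VPN_ALLOW = "sshd: 10.9.8.7\n"                   # only the VPN-assigned address
WIDE_ALLOW = "sshd: 198.18.0.0/255.255.0.0\n"    # the whole dial-up pool (/16)
DENY_ALL = "sshd: ALL\n"

def parse_rules(text):
    """Return (daemons, clients) pairs from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """IPv4 only: ALL, exact address, 'n.n.' prefix, or net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return ip == pattern

def hit(text, daemon, ip):
    return any((daemon in d or "ALL" in d) and any(client_matches(p, ip) for p in c)
               for d, c in parse_rules(text))

def access(allow_text, deny_text, daemon, ip):
    """hosts.allow match grants; else hosts.deny match denies; else granted."""
    if hit(allow_text, daemon, ip):
        return "allow"
    return "deny" if hit(deny_text, daemon, ip) else "allow"

def exposure(allow_text, daemon):
    """Sum the IPv4 source addresses each allow pattern admits for a daemon."""
    total = 0
    for daemons, clients in parse_rules(allow_text):
        if daemon in daemons or "ALL" in daemons:
            for p in clients:
                if p == "ALL": total += 2 ** 32
                elif p.endswith("."): total += 256 ** (4 - p.count("."))
                elif "/" in p: total += ipaddress.ip_network(p, strict=False).num_addresses
                else: total += 1
    return total
```

Note that a hosts.allow entry restricts nothing unless hosts.deny also covers sshd: with an empty hosts.deny, access() grants every source address.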