nanog mailing list archives
Re: a record?
From: Yann Berthier <yb () bashibuzuk net>
Date: Sun, 20 Nov 2005 21:12:10 +0100
On Sun, 20 Nov 2005, Suresh Ramasubramanian wrote:
> On 11/20/05, Alexei Roudnev <alex () relcom net> wrote:
>> Other approach exists as well - SecureID on firewall. Login to firewall, authenticate, and have dynamic access list which opens ssh for you (and still keep ssh on port != 22).
>
> Or VPN in, or set up a tunnel of some sort. Have ssh available over the tunneled interface. Yup, lots of options available. Though, if you have a secure ssh and reasonable control of your passwords it is probably safe to leave it at port 22 rather than resorting to security by obscurity measures like running it on a higher number port or (as at least one webhost does) running it on 443, with some kind of shim listening on that port, intercepting requests to it and redirecting them to apache or sshd as appropriate.

Amen. Now, without any consideration regarding security, obscurity or whatever, I'd say that having an sshd on port 443 somewhere is a good idea if you happen to use a GPRS network where all except 'web' ports are filtered (orange.fr comes to mind - at least they used to do that when I was still living in France)

- yann