Re: Securing SSH

[Mike Klinke <lsomike futzin com>]

On Friday 09 January 2004 17:52, Roland Venter wrote:
> I need to manage several servers remotely via SSH, I'm interested
> in ways to secure the connection and prevent unauthorised access.
>
> My thoughts:
> Limit access to only allow remote connections from our management
> network via iptables rules. Works but what if our ISP changes our
> fixed IP, which means we are effectively locked out from all the
> servers and requires a site visit to update the rules.
>
> We also need to provide access to engineers working from home using
> dialup, etc
>
> Some sort of client certificates to supplement username and
> password,
>
> Recommendations on securing the SSH daemon etc
>
> Any ideas and tips appreciated

One option may be to run sshd from xinetd using its "only_from" 
syntax. Certainly, your ISP will give you ample warning of a static 
IP change, no?

Regards,  Mike Klinke