[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: seawolf-list@listman.redhat.com
- From: "A.J. Werkman" <werkman digifarma nl>
- To: seawolf-list redhat com
- Cc: John Summerfield <summer os2 ami com au>
- Subject: Re: seawolf-list@listman.redhat.com
- Date: Sun, 10 Jun 2001 21:51:48 +0200
At 20:09 10-06-2001 +0800, you wrote:
> At 00:23 10-06-2001 +0800, you wrote:
> > > Configuring SSH I was wondering what is the safest way to restrict
access
> > > to my linux box.
> > > Is in this respect sshd safe enough to have the service port made
> > > accessible from the internet and grant only access lets say on a per
> > person
> > > basis??
> >
> >
> >I think you should be using iptables to control access from specific
> >hosts. There's been quite a deal of discussion here about
> >ipchains/iptables recently - check the archives if you don't have it.
>
> Of course, but SSH should add security value to that.
You missed the point - configure iptables so only allowed hosts get so far
as to talk to ssh.
Not exactly. Imagine me being somwhere (on holiday;) ) on the internet,
getting an IP address assigned from an ISP and wanting to contact my linux
box. I do not know in advance which address I will get assigned. So I can't
even configure on a per host basis. Also it is possible to forge an IP
address. I believe so called in between attacks.
The sollution would be to use VPN's like cipe. But I was wondering if ssh
is that secure, with encryption, digital certificates and signatures, that
it could be used without the use of VPN safety. That would make life a lot
easier.
Koos
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]