Provide SSH to someone w/ dynamic IP address {Scanned}
Volker Kindermann
ml at ps102.de
Sat Sep 4 10:42:54 UTC 2004
Hi,
> I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far the range
> of ip addresses he is getting is so large, it will defeat the purpose to
> blocking ssh because I would have to open up to so many ranges. Is there any
> solution?
it might be necessary to open port 22 for all ip-addresses.
To lock it down, you may want to put the allowed ssh-users in a group (say ssh-users) and add "AllowGroups ssh-users" to your sshd_config.
Additionally you may want to disable password-login and allow only key-based login.
So your ssh should be sufficiently save.
-volker
More information about the redhat-list
mailing list