ssh alternatives

Ryan Golhar golharam at umdnj.edu
Wed Sep 21 04:38:31 UTC 2005


I had the same problem.  In the end, I determined that my user base only
gets remote access in from several ISPs, so I allow those ISPs in through
/etc/hosts.allow.

I still keep an eye on the ssh logs for any attempts through those ISPs
but it happens rarely, plus we enforce strong passwords here as well.

Our organization is employing VPN access to those who need it so in the
near future our users will have to VPN into the organization, then ssh
to the machines they need access to.  I've been testing it and it works
well, but I'm concerned about the process of getting a VPN account.

Ryan


-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Greg Golin
Sent: Tuesday, September 20, 2005 11:46 PM
To: redhat-list at redhat.com
Subject: ssh alternatives


Following a discussion on slashdot I would like to ask this list's
opinion on providing remote access in general and ssh vs other solutions
in particular.

So here's the deal. I know most of sshd brute force attempts shall be
thwarted by running the daemon on a different port. However, many
existing scripts -- too many to change all of them -- rely on default
ssh configuration. At the same time, my devs require constant remote
access to the servers.

I am currently considering disabling ssh on external interfaces and
installing openswan.

What is your opinion on this issue?

Thanks.
G
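
The setup described in the reply above (sshd opened to a few ISPs through /etc/hosts.allow, with the logs watched for attempts coming from inside those ISPs) can be checked with a short script. This is an added example, not part of the original thread; the hosts.allow entries, addresses, log lines and the threshold of 3 are constructed assumptions, and only the net/mask form of hosts.allow entries is handled.

```python
import ipaddress
import re
from collections import Counter

# Constructed hosts.allow content; documentation ranges stand in for the ISPs.
HOSTS_ALLOW = """\
# remote users' ISPs (constructed)
sshd: 198.51.100.0/255.255.255.0 203.0.113.0/255.255.255.128
"""

# Constructed sshd log lines in syslog format.
AUTH_LOG = """\
Sep 20 22:10:01 box sshd[2101]: Failed password for root from 198.51.100.23 port 40112 ssh2
Sep 20 22:10:04 box sshd[2103]: Failed password for illegal user test from 198.51.100.23 port 40115 ssh2
Sep 20 22:10:09 box sshd[2107]: Failed password for invalid user admin from ::ffff:198.51.100.23 port 40121 ssh2
Sep 20 22:14:30 box sshd[2140]: Failed password for gg from 203.0.113.5 port 51822 ssh2
Sep 20 22:15:02 box sshd[2144]: refused connect from 192.0.2.9
Sep 20 22:16:11 box sshd[2150]: Accepted password for gg from 203.0.113.5 port 51830 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?\S+ from (\S+) port"
)

def allowed_networks(hosts_allow_text):
    """Return the networks listed on sshd lines (net/mask entries only)."""
    nets = []
    for line in hosts_allow_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("sshd:"):
            nets += [ipaddress.ip_network(t) for t in line.split(":", 1)[1].split()]
    return nets

def failures_from_allowed(log_text, nets, threshold=3):
    """Count failed logins per source inside the allowed networks.

    These sources pass TCP wrappers, so strong passwords are the only
    remaining control; sources at or above the threshold are returned.
    """
    counts = Counter()
    for match in FAILED.finditer(log_text):
        addr = ipaddress.ip_address(match.group(1))
        if addr.version == 6 and addr.ipv4_mapped:  # ::ffff:a.b.c.d log form
            addr = addr.ipv4_mapped
        if any(addr in net for net in nets):
            counts[str(addr)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(failures_from_allowed(AUTH_LOG, allowed_networks(HOSTS_ALLOW)))
```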
