ssh alternatives

Greg Golin greg.golin at gmail.com
Wed Sep 21 04:53:53 UTC 2005


sweet. *ignores wife, logs in to implement*


Thanks!
GG

On 9/20/05, Steven Jones <Steven.Jones at vuw.ac.nz> wrote:
> One port per line, eg.,
> 
> Port 49
> Port 22
> 
> Regards
> 
> Steven
> 
> -----Original Message-----
> From: Greg Golin [mailto:greg.golin at gmail.com]
> Sent: Wednesday, 21 September 2005 4:43 p.m.
> To: Steven Jones
> Subject: Re: ssh alternatives
> 
> What would that entry look like in sshd_conf?
> 
> Thanks.
> G
> 
> On 9/20/05, Steven Jones <Steven.Jones at vuw.ac.nz> wrote:
> > You can run ssh on 2 different ports and block one interface totally
> > with iptables.
> >
> > Regards
> >
> > Thing
> >
> > -----Original Message-----
> > From: Greg Golin [mailto:greg.golin at gmail.com]
> > Sent: Wednesday, 21 September 2005 4:30 p.m.
> > To: General Red Hat Linux discussion list
> > Subject: Re: ssh alternatives
> >
> > Thanks, Thing.
> >
> > I use AllowUsers -- that's a great directive.
> >
> > I wonder if it's possible to run sshd on two different ports on
> > separate interfaces..
> >
> > GG
> >
> > On 9/20/05, Steven Jones <Steven.Jones at vuw.ac.nz> wrote:
> > > We run ssh on a non-standard port and have no issues with scripts....
> > >
> > > Anyway options we use,
> > >
> > > 1) Non-standard ssh port
> > >
> > > 2) IPtables ruleset to limit ssh connections from known subnets or IPs.
> > >
> > > 3) Add config to sshd_config to only allow ssh connection from certain
> > > users,
> > >
> > > Eg.,
> > >
> > > AllowUsers me you
> > >
> > > Tcpwrappers is also an option.
> > >
> > > We also run iptables to block on other ports eg 80, to our class B
> > >
> > > Regards
> > >
> > > Thing
> > >
> > >
> > > -----Original Message-----
> > > From: Greg Golin [mailto:greg.golin at gmail.com]
> > > Sent: Wednesday, 21 September 2005 3:46 p.m.
> > > To: redhat-list at redhat.com
> > > Subject: ssh alternatives
> > >
> > > Following a discussion on slashdot I would like to ask this list's
> > > opinion on providing remote access in general and ssh vs other
> > > solutions in particular.
> > >
> > > > So here's the deal. I know most of sshd brute force attempts shall be
> > > > thwarted by running the daemon on a different port. However, many
> > > > existing scripts -- too many to change all of them -- rely on default
> > > > ssh configuration. At the same time, my devs require constant remote
> > > > access to the servers.
> > >
> > > I am currently considering disabling ssh on external interfaces and
> > > installing openswan.
> > >
> > > What is your opinion on this issue?
> > >
> > > Thanks.
> > > G
> > >
> > > --
> > > redhat-list mailing list
> > > > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> > >
> > > --
> > > redhat-list mailing list
> > > unsubscribe
> mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> >
> 
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
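
An added example, not part of the original thread: two bare `Port` lines make sshd listen on both ports on every interface (hence the iptables block suggested above), whereas `ListenAddress host:port` binds each port to one interface directly. The script below lists the endpoints a config would open and checks that port 22 stays on the internal address; the addresses and the sample config are constructed, and the parser is simplified (IPv4 only, no `Match` or `Include`).

```shell
#!/bin/sh
# Constructed sample sshd_config; both addresses are assumptions for illustration.
sample_config() {
cat <<'EOF'
# Internal interface: default port, so existing scripts keep working
ListenAddress 10.0.0.5:22
# External interface: non-standard port only
ListenAddress 203.0.113.10:49
AllowUsers me you
EOF
}

# Print every address:port sshd would bind for the config read from stdin.
listen_endpoints() {
  awk '
    { sub(/#.*/, "") }                                  # strip comments
    tolower($1) == "port"          { ports[++np] = $2 }
    tolower($1) == "listenaddress" { addrs[++na] = $2 }
    END {
      if (np == 0) ports[++np] = 22                     # sshd default port
      if (na == 0) addrs[++na] = "0.0.0.0"              # default: all interfaces
      for (i = 1; i <= na; i++) {
        if (addrs[i] ~ /:/) {
          print addrs[i]                                # explicit host:port
        } else {
          for (j = 1; j <= np; j++) print addrs[i] ":" ports[j]
        }
      }
    }'
}

# Succeed only if port 22 is bound nowhere except the internal address $1.
port22_internal_only() {
  listen_endpoints |
    awk -v ok="$1:22" '/:22$/ && $0 != ok { bad = 1 } END { exit bad }'
}

sample_config | listen_endpoints
if sample_config | port22_internal_only 10.0.0.5; then
  echo "port 22 is internal only"
fi
```

Run `sshd -t` against the real file before restarting the daemon, and keep an existing session open until a new login on each port has been confirmed.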



