Securing SSH access
Daniel
teletautala at gmail.com
Fri Mar 28 21:27:14 MDT 2008
I say if you can enforce key-based authentication that is the way to go.
-Daniel
On Fri, Mar 28, 2008 at 9:12 PM, Dave Smith <dave at thesmithfam.org> wrote:
> In the past, I have used /etc/hosts.[deny|allow] to secure my SSH server
> by restricting access to a limited number of IP addresses. This has
> worked very well for me over the past 3 or 4 years, but now I need to
> allow access to a non-enumerable set of client IP addresses, so I am
> considering alternate methods. The first method on my list is to require
> key-based authentication (no passwords). Secondly, I'm thinking about
> using an alternate port (ie, 2222 instead of 22) simply to ward off
> automated botnet logins.
>
> Does anyone see a problem with this? Any other ideas?
>
> Thanks in advance!
>
> --Dave
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>
More information about the PLUG
mailing list