Re: ssh dictionary attacks
- From: Sheldon T. Hall - DO NOT MAIL <aquaman@xxxxxxxxxxxxxxxxx>
- Date: Fri, 18 Aug 2006 19:31:20 -0700
On Fri, 18 Aug 2006 16:04:37 GMT, Chuck
Sheldon T. Hall - DO NOT MAIL wrote:
The easiest way to secure your server's SSH port is to just firewall
it completely from the 'net, and have a portknocking arrangement that
selectively opens the SSH port to the IP address that correctly
knocked on the secret port.
Of course, you'd still want all the usual SSH security stuff, too:
restrict the access list to particular users, disallow direct root
logins, require keys, etc.
How do you get the ssh client to "knock first before entering"?
I just use telnet to do the knocking, before firing up the SSH client.
If I were setting this up for other folks, or had to do it from
different places a lot, I'd have a batch/shell program that telnets to
the knocking ports on the server, waits a bit, then starts the SSH
- Prev by Date: Re: McAfee and CygWin SSH
- Next by Date: ssh is hard to use
- Previous by thread: Re: ssh dictionary attacks
- Next by thread: ssh is hard to use