Re: configure ssh-access
On the 12240th day after Epoch,
Mario Ohnewald wrote:
> Hello!
>
>>-----Original Message-----
>>From: Anne Carasik [mailto:gator@mail.cacr.caltech.edu]
>>Sent: Monday, July 07, 2003 5:05 PM
>>To: klaus@came.sbg.ac.at
>>Cc: debian-security@lists.debian.org
>>Subject: Re: configure ssh-access
>>
>>
>>Why not just limit the access through SSH public key?
>>It sounds like that would accomplish what you're trying
>>to do.
>
> I think this problem should not be solved with configuring sshd.
Wrong... You can configure sshd to accept only logins from recognized keys,
and leave the firewall open.
> I solved it with an iptables script which resolves my dynamic host every 5 mins,
> and then reloads the firewall if needed.
So, in some cases, you must wait 5 mins to connect?
> An ssh solution has the disadvantage that if it is buggy, an sshd config
> change might not save your box from unallowed access. That is why I block my
> ssh daemon, 'cause the possibility is there that there might be an ssh exploit
> soon ;)
And what if the dynamic host is not correctly set? Somebody getting your previous IP
has 5 mins to accomplish some weird job. And it's 4.9 mins more than needed :)
--
DOS: n., A small annoying boot virus that causes random spontaneous system
crashes, usually just before saving a massive project. Easily cured by
UNIX. See also MS-DOS, IBM-DOS, DR-DOS.
(from David Vicker's .plan)
--
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tel: 01 49 35 96 69 - Mob: 06 81 01 81 80
eMail: mailto:francois@tourde.org - URL: http://francois.tourde.org/