
Re: configure ssh-access



Hi,

On Wed Jul 09, 2003 at 23:16:51 +0200, François TOURDE wrote:
> >  By allowing connections from only a
> > few IP address blocks, you cut out most of the crackers in the world, but
> > don't have to mess with dynamic DNS and lack of reverse lookup;  A good
> > tradeoff between security and convenience.
> 
> Even with fake/forged IPs ?

SSH is TCP-based.  IP spoofing on the internet is very hard to do.

> You can also imagine a knocking (? toc toc toc) mechanism: One ping,
> followed by two telnet packets, then 4 ftp or whatever packets, and
> then your ip is allowed to try a ssh connection...

This is security by obscurity.  Approaches like this have been discussed
on this list before.  It is the somewhat convoluted equivalent of a
plaintext password authentication scheme layered on top of SSH.

Regards,

uLI
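
The comparison made in the reply above, a knock sequence as a plaintext password, shown as an added example that is not part of the original message: a toy model of a knock daemon using the sequence from the quoted text. The class and function names and the documentation-range addresses are constructed for illustration.

```python
# Added illustration, not code from the thread. The knock sequence is the one
# sketched in the quoted message: 1 ping, 2 telnet packets, 4 ftp packets.
KNOCK = ["icmp"] + ["telnet"] * 2 + ["ftp"] * 4


class KnockGate:
    """Toy model of a knock daemon: per-source progress through KNOCK."""

    def __init__(self, sequence):
        self.sequence = list(sequence)
        self.progress = {}      # source address -> index of next expected knock
        self.allowed = set()    # sources that may now attempt an SSH connection

    def packet(self, src, kind):
        """Feed one observed packet; return True once src is allowed."""
        if src in self.allowed:
            return True
        i = self.progress.get(src, 0)
        if kind == self.sequence[i]:
            i += 1
        else:
            # Wrong packet: restart, but let it count as a first knock.
            i = 1 if kind == self.sequence[0] else 0
        if i == len(self.sequence):
            self.allowed.add(src)
            self.progress.pop(src, None)
            return True
        self.progress[src] = i
        return False


def knock(gate, src, kinds):
    """Send a list of packet kinds from src; return whether src ends up allowed."""
    result = False
    for kind in kinds:
        result = gate.packet(src, kind)
    return result


def demo():
    gate = KnockGate(KNOCK)
    wire = []                                  # what anyone on the path sees
    for kind in KNOCK:                         # legitimate user (constructed address)
        wire.append(("192.0.2.10", kind))
        gate.packet("192.0.2.10", kind)
    # The knock is a fixed cleartext value: the same kinds from another source pass too.
    replayed = knock(gate, "198.51.100.7", [kind for _, kind in wire])
    wrong = knock(gate, "203.0.113.5", ["ftp", "telnet", "icmp"])
    return replayed, wrong, sorted(gate.allowed)
```

The gate only compares what it receives against a fixed value that crosses the network unencrypted, so it should be treated as a filter in front of SSH authentication and not as an authentication step of its own.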


