Re: configure ssh-access
Hi,

On Wed Jul 09, 2003 at 23:16:51 +0200, François TOURDE wrote:
> > By allowing connections from only a
> > few IP address blocks, you cut out most of the crackers in the world, but
> > don't have to mess with dynamic DNS and lack of reverse lookup; a good
> > tradeoff between security and convenience.
>
> Even with fake/forged IPs?

SSH is TCP-based. IP spoofing on the internet is very hard to do.

> You can also imagine a knocking (? toc toc toc) mechanism: One ping,
> followed by two telnet packets, then 4 ftp or whatever packets, and
> then your IP is allowed to try an SSH connection...

This is security by obscurity. Approaches like this have been discussed
on this list before. It is the somewhat convoluted equivalent of a
plaintext password authentication scheme layered on top of SSH.

Regards,
uLI