On Thu, Dec 15, 2005 at 10:02:46PM +0000, kevin bailey wrote:
>
> >
> >> - i may need to access the server over ssh from anywhere.
> >
> > bad idea... what you can do .. the cracker can also do from "anywhere"
> >
> > at least, lock down incoming ssh from certain ip#
> > vi hosts.deny
> > ALL : ALL
> >
> > vi hosts.allow
> > sshd: your.own.machine.com
> >
>
> would like to do this - but i also need to be able to access the server from
> my laptop which connects over 3G - i.e. different IP address every time.
>
> but you're right - maybe i should set it up as you say most of the time and
> open up access for only the time i am away.

IF you need this you have several options:

- limit the firewall (or the tcp-wrappers config) to the IP address range
  of your ISP provider if you are being given a dynamic address over the
  3G network. Granted, it's not a single IP, but it is far less than the
  full internet.

- lock down the firewall to a list of valid IPs and use a port knocker
  (check knockd) to have a mechanism to open up the firewall if you need
  to from a given IP address at a given point in time.

Regards

Javier
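An illustration of the port-knocker option from the message above, added here as an example and not part of the original mail or of the knockd project's own files. The knock ports, timeouts, interface name and iptables rule are constructed assumptions; it also assumes the firewall drops new connections to port 22 by default and already accepts ESTABLISHED,RELATED traffic.

```ini
# /etc/knockd.conf (constructed example; adjust every value before use)

[options]
    # Log every knock attempt so unexpected sequences show up in syslog.
    UseSyslog
    # Assumed name of the internet-facing interface.
    Interface = eth0

[opencloseSSH]
    # Constructed knock sequence: three SYN packets to closed ports,
    # which must all arrive from the same source within seq_timeout seconds.
    sequence      = 7000,8000,9000
    seq_timeout   = 10
    tcpflags      = syn

    # On a correct sequence, allow new SSH connections from the knocking
    # address only (%IP% is replaced by knockd with the source address).
    # -I INPUT 1 places the rule ahead of the default drop rule.
    start_command = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --syn --dport 22 -j ACCEPT

    # Close the hole again automatically after 30 seconds. A session that
    # was opened in that window survives because of the assumed
    # ESTABLISHED,RELATED rule; nobody has to remember to knock "closed".
    cmd_timeout   = 30
    stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --syn --dport 22 -j ACCEPT

# A knock sequence travels in clear text and can be observed and replayed,
# so it only reduces exposure of the SSH port. sshd authentication
# (preferably key-based) remains the actual access control.
```

The static list of valid IPs mentioned in the message stays in the normal firewall rules; knockd only adds and removes the temporary per-address exception.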