Re: web alternative to knockd for a "secure" sshd server?

["Nick Demou" <ndemou@gmail.com>]

On 4/20/07, Roberto C. Sánchez <roberto@connexer.com> wrote:
> On Fri, Apr 20, 2007 at 12:47:20PM +0300, Nick Demou wrote:
> > [...]
> > Any other idea of simple measures that will keep as many attackers
> > away from the one and only service that is listening to the Internet?
> >
> Well, if which outbound ports are available is a real concern, then
> consider the following:
>
>  - rate-limit new ssh connections (I use this)
> [this] will keep your logs from getting cluttered (and will also slow
> attackers down greatly so that they take longer to get to other people's
> machines).

do you mean to configure iptables in order to limit cons/min?
what rules do you use? any pointer to the web?

>  - force key-only authentication
> [this] makes it impossible for a dictionary attack to
> ever succeed.

That one I can't do in some cases because I'll lose the ability to
connect from some random PC. I rarely need this but when I do  I need
it badly :)