Hi, On 27/03/2016 10:04 AM, Tom Browder wrote: > On Saturday, March 26, 2016, Andrew McGlashan > I usually restrict with known IP addresses (static ones) and sometimes > with users having to be in a specific group that allows ssh. Also, > authorized keys enforced instead of passwords. > > At the moment I'm the sole user, although I'm considering giving limited > access to a few folks later. How do you manage the server while > traveling--some kind of personal VPN? I have access to a couple of servers via a secure RDP tool [1] that I can work from, those servers have a static IP and those IPs are in my allowed list. Firewall's stop access unless it isn't coming from the right locations and I also implement hosts.deny and hosts.allow in the mix. I used to have a static IP HSPA service, I should have kept that as it gives static IP on a 4G LTE network (actually I think it was only a 3G network). In the past I have rebuilt an Oracle database from export dump files via a Nokia 9000 Communicator's terminal app with a 9600 baud GSM modem.... who say's Apple were first to /real/ smart phones ;-) Have considered port knocking, but never set that up. There are lots of options I can work with, even an email to my own mail server, specially crafted to run a script to open up the connecting IP. Another option would be to setup OpenVPN.... that shouldn't be too hard, but I haven't had to do it, yet. So, right now, it is more simple with the AADS servers being available. Kind Regards AndrewM [1] http://aads-worldwide.com/
Attachment:
signature.asc
Description: OpenPGP digital signature