On Mon, Aug 13, 2007 at 12:29:14PM -0400, Mark A. Hoover wrote:
> > Hi Andrew,
> >
> > You are quite correct, I agree with you, it's not really a good idea
> > at all.
> >
> > End goal in this case was to secure ssh.
> > I only wanted to allow ssh in from the internet from static IPs I
> > know (work) and from my home (which was a dyndns address hence the
> > problem).
> >
> > A better way would probably be to secure ssh better perhaps with ssh
> > rate limiting or something?
> >
> > I have changed all my rules to only use IPs now as that is better.
> >
> > Thanks for the feedback.
>
> I haven't tried this personally, but you could also look into Port
> Knocking...
>
> http://www.shorewall.net/PortKnocking.html

It's virtually useless against anything other than the
internet-flooding worms. This is what we have passwords and RSA keys
for - you're far better off adding a couple more characters to the
length of your password, and it's less hassle.