Securing SSH

Mike Klinke lsomike at futzin.com
Sat Jan 10 03:32:01 UTC 2004


On Friday 09 January 2004 17:52, Roland Venter wrote:
> I need to manage several servers remotely via SSH. I'm interested
> in ways to secure the connection and prevent unauthorised access.
>
> My thoughts:
> Limit access to only allow remote connections from our management
> network via iptables rules. Works but what if our ISP changes our
> fixed IP, which means we are effectively locked out from all the
> servers and requires a site visit to update the rules.
>
> We also need to provide access to engineers working from home using
> dialup, etc.
>
> Some sort of client certificates to supplement username and
> password,
>
> Recommendations on securing the SSH daemon etc
>
> Any ideas and tips appreciated

One option may be to run sshd from xinetd using its "only_from" 
syntax. Certainly, your ISP will give you ample warning of a static 
IP change, no?

Regards,  Mike Klinke
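
The xinetd approach suggested above, sketched as an added example that is not part of the original post. The file name, the sshd path and the addresses (documentation ranges used as placeholders) are assumptions; the standalone sshd service has to be stopped first so that xinetd can bind port 22.

```conf
# /etc/xinetd.d/sshd   (assumed file name; any file under /etc/xinetd.d is read)
# xinetd only treats lines that START with '#' as comments, so every
# comment here sits on its own line.
service ssh
{
    disable         = no
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = root
# Assumed install path of the daemon.
    server          = /usr/sbin/sshd
# -i tells sshd it is being started from inetd/xinetd (one process per connection).
    server_args     = -i
# Constructed placeholder: the management network.
    only_from       = 192.0.2.0/24
# Constructed placeholder: one additional fixed host, appended with '+='.
    only_from      += 198.51.100.17
# Record the peer address of accepted and refused connections.
    log_on_success += HOST PID
    log_on_failure += HOST
}
```

Connections from any address outside `only_from` are refused by xinetd before sshd is started, and `log_on_failure` records the source address of each refused attempt.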






More information about the fedora-list mailing list