OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access

Tim ignored_mailbox at yahoo.com.au
Sat Aug 30 11:04:21 UTC 2008


On Sat, 2008-08-30 at 09:59 +0100, Frank Murphy wrote:
> I mean only allow ssh access from those two scenarios,
> my laptop + an F9 usb-stick.
>
> because there are attempts by "fluffy" and other(s) to access the box.

Well, if your own computers are from fixed IPs, you can set those into a
list of IPs allowed to connect.  However, that doesn't stop someone else
who's able to get the same IP from trying.

Good passwords, and only using the newer SSH2 protocol, makes it damn
hard for anyone else to get in.  They can try, and that's about it.

Something like fail2ban will automatically firewall off someone who
tries and fails, so they don't get to try again.  There's a few of those
sort of things, which will auto-blacklist addresses for a while.  It
could be a permanent blacklist, but you'd only want to do that if there
was no chance of accidentally locking yourself out.

Look into finding and using fail2ban.  I think that's your best way to
handle it.

-- 
[tim at localhost ~]$ uname -r
2.6.25.14-108.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
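The ban-after-repeated-failures behaviour described above, together with the lock-out caveat, as an added example that is not part of the original post and is not fail2ban's own code. The log lines and addresses are constructed samples; the parameter names maxretry, findtime, bantime and ignoreip follow fail2ban's option names, and the function name find_bans is hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Aug 30 09:01:02 server sshd[2101]: Failed password for invalid user fluffy from 203.0.113.7 port 40001 ssh2
Aug 30 09:01:05 server sshd[2103]: Failed password for root from 203.0.113.7 port 40002 ssh2
Aug 30 09:01:09 server sshd[2105]: Failed password for invalid user fluffy from 203.0.113.7 port 40003 ssh2
Aug 30 09:02:00 server sshd[2110]: Failed password for frank from 192.0.2.10 port 50001 ssh2
Aug 30 09:02:04 server sshd[2112]: Failed password for frank from 192.0.2.10 port 50002 ssh2
Aug 30 09:02:08 server sshd[2114]: Failed password for frank from 192.0.2.10 port 50003 ssh2
Aug 30 09:02:12 server sshd[2116]: Accepted password for frank from 192.0.2.10 port 50004 ssh2
Aug 30 09:30:00 server sshd[2200]: Failed password for root from 198.51.100.9 port 41000 ssh2
Aug 30 09:45:00 server sshd[2300]: Failed password for root from 198.51.100.9 port 41001 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def find_bans(log, maxretry=3, findtime=600, bantime=3600, ignoreip=(), year=2008):
    """Return [(ip, ban_start, ban_end)] for sources with maxretry failures inside findtime seconds."""
    recent, banned_until, bans = {}, {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in ignoreip:                      # your own fixed IPs are never banned
            continue
        if banned_until.get(ip, when) > when:   # already firewalled, nothing to count
            continue
        window = [t for t in recent.get(ip, []) if (when - t).total_seconds() <= findtime]
        window.append(when)
        recent[ip] = window
        if len(window) >= maxretry:             # threshold reached: temporary ban
            end = when + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, when, end))
            recent[ip] = []
    return bans
```

Run without ignoreip, the same sample also bans 192.0.2.10, the address whose owner mistyped a password three times before logging in.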





