
RE: [K12OSN] Planning for Summer/ssh



Mark,
	yes, i was suggesting using protocol 2 only, but you don't have to
be as paranoid as i am. on the other hand, download cygwin and dump
protocol 1. only the paranoid survive, that is, some of them. julius

On Thu, 18 Apr 2002, Mark Orenstein wrote:

> Thanks for the input.  I will try this next week when we return from
> vacation.  One question for now.  The PC I will be using runs W98 and I've
> been using the ttssh program.  Does the 2 in your reply refer to ssh2
> protocols?  I don't think that ttssh supports these.

Mark
>
> 	I think you can get away without the script. here is how: set
> PasswordAuthentication No, set RootLogin No, set Protocol 2, add your
> public keys to ~/.ssh/authorized_keys2, remove ssh-keygen command, open
> port 22 to the server.  provided that nobody else has keys generated, you
> are home free. if this is not the case, check in /etc/profile for ssh
> logins from the outside and zap everyone but yours. good luck, julius
>
> On Thu, 18 Apr 2002, Mark Orenstein wrote:
>
> > I'm thinking ahead to the summer when I only have dial up access and my IP
> > address will be constantly changing. Right now with my home cable modem, my
> > IP address is "unchanging" and I only allow external ssh access to the
> > school server from this address via an iptable rule. This won't work for the
> > summer where I will only have dial up access to the Internet.
> >
> > I would still like to keep the iptable rule and was thinking of ways that I
> > could dynamically update the table. One thought that I had was to send an
> > email to the server with the body containing my current IP address. Is it
> > possible that receipt of an email can cause a script to be executed? If so,
> > I think that I could write a script that would obtain the IP address from
> > the email body and issue the proper iptable command. Once I get into the
> > email server, I can then ssh from it to any of the other servers inside the
> > school system's network.
> >
> > Or better yet, does anyone else have an already written script similar to
> > the above.
> >
> > Is there a better/simpler way of doing this?
> >
> > Mark Orenstein
> > East Granby, CT School System
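
Added example, not part of the original thread or written by its participants: a small Python check that reads sshd_config text and reports whether the three settings named in the reply (password authentication off, root login off, protocol 2 only) are in effect. It assumes OpenSSH's keyword PermitRootLogin is what the reply calls "RootLogin"; the function names and both sample configs are constructed for illustration.

```python
# Audit sshd_config text for the three settings named in the reply.
# sshd uses the first value it obtains for a keyword; keywords are case-insensitive.
WANTED = {  # keyword -> value the reply recommends
    "passwordauthentication": "no",
    "permitrootlogin": "no",  # assumption: the directive the reply calls "RootLogin"
    "protocol": "2",
}

def effective_settings(config_text):
    """Return {keyword: value} for the global section, first occurrence wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks follow; not audited here
            break
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        seen.setdefault(key, value)  # a later duplicate never overrides
    return seen

def audit(config_text):
    """Return a list of findings; an empty list means all three settings match."""
    seen = effective_settings(config_text)
    findings = []
    for key, want in WANTED.items():
        got = seen.get(key)
        if got is None:
            findings.append(f"{key}: not set, the built-in default applies")
        elif got != want:
            findings.append(f"{key}: is '{got}', expected '{want}'")
    return findings

# Constructed sample configs (not taken from any real server).
WEAK = """\
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication no
passwordauthentication yes
"""
HARDENED = """\
Protocol 2
PermitRootLogin no
PasswordAuthentication no
"""
if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "OK")
```

Current OpenSSH releases no longer implement protocol 1, so on those the Protocol finding can be ignored.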




