Provide SSH to someone w/ dynamic IP address {Scanned}
Lew Bloch
conrad at lewscanon.com
Sun Sep 5 01:29:59 UTC 2004
>> How about moving sshd from 22 to another port (85?) that only you and he
>> would know. Then he would ssh to -p 85. Anyone ssh to -p 22 would get a
>> timeout.
>
> Thought about that...but if anyone is port scanning my network they would
> eventually find the open port and it's a matter of time.
OK, then they know you exist, but that doesn't necessarily mean they can
compromise your system. I haven't figured out how to be generally
invisible except to friendlies, but one can allow ingress to members of
only specific groups via the /etc/ssh/sshd_config "AllowGroups" entry
(or to specific users via "AllowUsers").

For example, you can create a group "frobozz" and put your friend's id
in that group, then put a line in /etc/ssh/sshd_config

    AllowGroups frobozz

Of course, you'll also want to have a line

    PermitRootLogin no

I, too, am curious how to make the port visible to only the select few,
but I don't think it can be done. The best I've found is to deny entry
to those undesirables who do find my (non-standard) SSH port. Is there
such a magic bullet?
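
Added example, not part of the original message: a small Python audit that checks the global section of an sshd_config for the two settings discussed above (AllowGroups/AllowUsers and PermitRootLogin no). The sample config is constructed, and the function name audit_sshd_config is hypothetical. It assumes whitespace-separated keywords and stops at the first Match block.

```python
# Constructed sample of /etc/ssh/sshd_config (not from the original message).
SAMPLE = """\
# sshd moved to a non-standard port, as in the thread
Port 85
permitrootlogin no
AllowGroups frobozz
# the next line is ignored by sshd: the first value obtained for a keyword wins
PermitRootLogin yes
Match Address 192.0.2.0/24
    AllowGroups staff
"""

def audit_sshd_config(text):
    """Return (findings, settings) for the global section of an sshd_config."""
    allow_groups, allow_users, root_login = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":
            break  # Match blocks are conditional overrides; only globals are audited
        if key == "allowgroups":
            allow_groups += args
        elif key == "allowusers":
            allow_users += args
        elif key == "permitrootlogin" and root_login is None and args:
            root_login = args[0].lower()  # keep only the first occurrence
    findings = []
    if not allow_groups and not allow_users:
        findings.append("no AllowGroups/AllowUsers: login is not limited to named users or groups")
    if root_login is None:
        findings.append("PermitRootLogin not set: the installed sshd's default applies")
    elif root_login != "no":
        findings.append(f"PermitRootLogin is '{root_login}', not 'no'")
    settings = {"AllowGroups": allow_groups, "AllowUsers": allow_users,
                "PermitRootLogin": root_login}
    return findings, settings

if __name__ == "__main__":
    findings, settings = audit_sshd_config(SAMPLE)
    print(settings)
    for f in findings:
        print("FINDING:", f)
```

After editing the real file, `sshd -t` checks the configuration for syntax errors before the daemon is reloaded.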