Provide SSH to someone w/ dynamic IP address {Scanned}
Mike Vanecek
rh_list at mm-vanecek.cc
Sun Sep 5 14:07:00 UTC 2004
On Sat, 4 Sep 2004 12:42:54 +0200, Volker Kindermann wrote
> Hi,
>
> > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far the range
> > of ip addresses he is getting is so large, it will defeat the purpose of
> > blocking ssh because I would have to open up to so many ranges. Is there any
> > solution?
>
> it might be necessary to open port 22 for all ip-addresses.
>
> To lock it down, you may want to put the allowed ssh-users in a
> group (say ssh-users) and add "AllowGroups ssh-users" to your sshd_config.
>
> Additionally you may want to disable password-login and allow only
> key-based login.
>
> So your ssh should be sufficiently safe.
I understand his concern. SSH has had its problems in the past. I just had to
totally recover an old system for someone who had not kept up with updates
and got zapped with an ssh exploit.
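
The sshd_config settings suggested in the quoted reply (AllowGroups, no password login, key-based login only) can be checked with a small script. This is an added example, not part of the original thread; the sample configs are constructed, and the defaults and the first-value-wins rule are assumed from the OpenSSH sshd_config documentation.

```python
import re

# Defaults assumed from the sshd_config documentation; used when a keyword is absent.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

# Constructed sample configs, not taken from the thread.
WEAK = """\
Port 22
#PasswordAuthentication no
PasswordAuthentication yes
"""
HARDENED = """\
Port 22
AllowGroups ssh-users admins
passwordauthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
"""

def effective_settings(text):
    """Global-section settings; sshd keeps the first value seen for each keyword.
    Simplifications: Match blocks are not evaluated, only the first AllowGroups line is read."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no setting
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break  # stop at the first conditional block
        settings.setdefault(key, value)  # a later duplicate does not override
    return settings

def audit(text, group="ssh-users"):
    """Return a list of findings; an empty list means the thread's advice is in place."""
    s = {**DEFAULTS, **effective_settings(text)}
    findings = []
    if group not in s.get("allowgroups", "").split():
        findings.append(f"AllowGroups does not include {group}")
    if s["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("PubkeyAuthentication is disabled, key-based login will fail")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

On hosts that authenticate through PAM, keyboard-interactive authentication can still prompt for a password after PasswordAuthentication is set to no, so that setting deserves a separate check.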