ssh alternatives

Steven Jones Steven.Jones at vuw.ac.nz
Wed Sep 21 04:48:56 UTC 2005 

One port per line, eg.,

Port 49
Port 22

Regards

Steven

-----Original Message-----
From: Greg Golin [mailto:greg.golin at gmail.com] 
Sent: Wednesday, 21 September 2005 4:43 p.m.
To: Steven Jones
Subject: Re: ssh alternatives

What would that entry look like in sshd_conf?

Thanks.
G

On 9/20/05, Steven Jones <Steven.Jones at vuw.ac.nz> wrote:
> You can run ssh on 2 different ports and block one interface totally
> with iptables.
> 
> Regards
> 
> Thing
> 
> -----Original Message-----
> From: Greg Golin [mailto:greg.golin at gmail.com]
> Sent: Wednesday, 21 September 2005 4:30 p.m.
> To: General Red Hat Linux discussion list
> Subject: Re: ssh alternatives
> 
> Thanks, Thing.
> 
> I use AllowUsers -- thats a great directive.
> 
> I wonder if its possible to run sshd on two different ports on
> separate interfaces..
> 
> GG
> 
> On 9/20/05, Steven Jones <Steven.Jones at vuw.ac.nz> wrote:
> > We run ssh on a non-standard port and have no issues with
scripts....
> >
> > Anyway options we use,
> >
> > 1) Non-standard ssh port
> >
> > 2) IPtables ruleset to limit ssh connections from known subnets or
> IPs.
> >
> > 3) Add config to sshd_config to only allow ssh connection from
certain
> > users,
> >
> > Eg.,
> >
> > AllowUsers me you
> >
> > Tcpwrappers is also an option.
> >
> > We also run iptables to block on other ports eg 80, to our class B
> >
> > Regards
> >
> > Thing
> >
> >
> > -----Original Message-----
> > From: Greg Golin [mailto:greg.golin at gmail.com]
> > Sent: Wednesday, 21 September 2005 3:46 p.m.
> > To: redhat-list at redhat.com
> > Subject: ssh alternatives
> >
> > Following a discussion on slashdot I would like to ask this list's
> > opinion on providing remote access in general and ssh vs other
> > solutions in particular.
> >
> > So here's the deal. I know most of sshd brute force attempts shall
be
> > thwarted by running the daemon on a different port. However, many
> > existing scripts -- too many to change all of them -- rely on
default
> > ssh configuration. At the same time, my devs require constant remote
> > access to the servers.
> >
> > I am currently considering disabling ssh on external interfaces and
> > installing openswan.
> >
> > What is your opinion on this issue?
> >
> > Thanks.
> > G
> >
> > --
> > redhat-list mailing list
> > unsubscribe
mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe
mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
>

More information about the redhat-list mailing list