Date: Fri, 18 Apr 2008 10:21:35 -0600 From: Eric Zimmerman <heli@mikestammer.com> To: Kurt Buff <kurt.buff@gmail.com> Cc: Paul Schmehl <pauls@utdallas.edu>, Gary Newcombe <gary@pattersonsoftware.com>, freebsd-questions@freebsd.org Subject: Re: [SSHd] Limiting access from authorized IP's Message-ID: <4808CA8F.9020804@mikestammer.com> In-Reply-To: <a9f4a3860804180915v42a8070dia8008a6847bf5909@mail.gmail.com> References: <2tng04doovnmtkr7or9kfkb596fgjfoj1c@4ax.com> <20080418191449.212f43d3.gary@pattersonsoftware.com> <1EBA9459C137D287EEE2560D@utd65257.utdallas.edu> <4808C54B.1090403@infracaninophile.co.uk> <a9f4a3860804180915v42a8070dia8008a6847bf5909@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Kurt Buff wrote: > On Fri, Apr 18, 2008 at 8:59 AM, Matthew Seaman > <m.seaman@infracaninophile.co.uk> wrote: > > At any rate, locking down ssh access is one of my concerns, for sure, > so this discussion is helpful. > Wouldn't turning off password based logins and using public and private keys (with a strong password) for ssh logins do the trick? if you limit yourself based on IP addresses, its inevitable that you will need access from an IP NOT on your exemption list at some time (like when you are on vacation, at relatives, etc). Using keys to authenticate ssh sessions has worked very well for me. if you are concerned about the brute force attempts (which cant work without the private key which you put a strong password on), you can use something like denyhosts to block those hosts from even connecting. hth Eric
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4808CA8F.9020804>