Date: Mon, 22 Jun 2009 22:39:55 -0400 From: "Earl E. Gay III" <earl@eeg3.net> To: Daniel Underwood <djuatdelta@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Best practices for securing SSH server Message-ID: <ff44cb250906221939s1f264ee3j338b8eea918a7791@mail.gmail.com> In-Reply-To: <b6c05a470906221816l4001b92cu82270632440ee8a@mail.gmail.com> References: <b6c05a470906221816l4001b92cu82270632440ee8a@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 22, 2009 at 9:16 PM, Daniel Underwood <djuatdelta@gmail.com>wrote: > On a BSD box at work (at an extremely fast connection and static IP), > I run an SSH server. I am the only person who uses the server, but I > use it from some locations that are behind a dynamic IP (so I can't > set pf rules to filter by IP). I will always, however, use the same > laptop to connect to the server. Due to the speed and location of the > connection, it's a relatively high-risk target. > > What are some good practices for securing this SSH server. Is using a > stored key safer than a password in this instance? I have no > experience with port-knocking, but I'd appreciate some tips or > suggested beginning references... I welcome any and all advice. > > Note: I do require X11 forwarding (not sure whether that's relevant > information) > > TIA, > Daniel > Even though your IP is dynamic, I'd imagine you could still set pf rules to only allow SSH from certain IP ranges, which is better than nothing.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ff44cb250906221939s1f264ee3j338b8eea918a7791>