On Friday 09 January 2004 17:52, Roland Venter wrote: > I need to manage several servers remotely via SSH, I'm interested > in ways to secure the connection and prevent unauthorised access. > > My thoughts: > Limit access to only allow remote connections from our management > network via iptables rules. Works but what if our ISP changes our > fixed IP, which means we are effectively locked out from all the > servers and requires a site visit to update the rules. > > We also need to provide access to engineers working from home using > dialup, etc > > Some sort of client certificates to supplement username and > password, > > Recommendations on securing the SSH daemon etc > > Any ideas and tips appreciated One option may be to run sshd from xinetd using its "only_from" syntax. Certainly, your ISP will give you ample warning of a static IP change, no? Regards, Mike Klinke
