On Wed, May 19, 2004 at 12:59:05PM +0800, Edward wrote: ..... > So, I was thinking about setting up dyndns or no-ip addresses for these > servers, then opening up the firewall for either ssh or VPN. None of my > customers have a static internet address. DynDNS costs money small as it is and you still have to script the discovery of the DHCP assigned address. Since you have to do that anyhow there is no reason you cannot simply update a resource you own via ftp, scp, email, what ever. Heck a simple wget from a periodic cron job of a small special file name on your web site will log the ipaddress that you need to ssh into the box. The file does not need to exist. Also knowing the IP address that each box is on you can now do a polite port scan as part of the service. Check also for open mail relays. SSH is about as secure as you can get. SSH in as a normal user then use a second passwd to su/sudo what you need to do. -- T o m M i t c h e l l /dev/null the ultimate in secure storage.
