On Sun, 2004-11-14 at 06:26, J.L. Coenders wrote: > Ok, so if you place it on a non-standard port, disable the root login, etc. it > is possible. > Is it also possible to allow ssh traffic from for instance a few ip addresses? > Because I am limited to I guess two or three ip's. Yeah, unlike some packages, SSH has had a lot of eyes on it from both sides. The 'brute force' attacks they talked about was apparently for Cisco Catalyst routers (or whatever) and always try the same usernames/passwords; not too complicated, yet. But it's best to be safe, not sorry. Around here I have root logins turned off, 'publickey's only, and then limit the logins to a handful of non-root users (not things like bin/daemon/nobody: just a couple) and it's been fine. Unless someone is really trying hard, it won't be opened...but make sure to keep doing your updates. Personally, I don't care for putting them on non-standard ports, since real attackers will find it wherever they are and it just makes the day-to-day a little tougher...like turning of ICMP packets and such. But that's up to you. Enjoy! -- ------------------------------------------------------------------------ Brian FahrlÃnder Christian, Conservative, and Technomad Evansville, IN http://www.fahrlander.net ICQ 5119262 AIM: WheelDweller ------------------------------------------------------------------------
Attachment:
signature.asc
Description: This is a digitally signed message part
