bulliver at badcomputer.no-ip.com
Mon Sep 13 01:09:02 CEST 2004
quoth the Chris Brenton:
> A VPN is probably overkill as SSH is already a VPN (strong built-in
> authentication and encryption. Heck, I'll take Blowfish over 3DES or AES
> for privacy any day of the week :). Two other options come to mind:
> 1) Bind SSH to a non-standard port
> Yes someone doing a full port scan can still find it, blah, blah, blah.
> I've been running this for years and have yet to receive a single
> non-authorized connect to the port that has actually performed an SSH
> 2) Set up port knocking
> I know a few people that have set this up with great success. Sure it's
> vulnerable to replay, but since we're talking SSH that's not really a
> problem. Great way to expose ports to only certain users.
> So with either option you still want to use public/private keys or
> strong passwords with SSH. They are designed to simply mask the service
> from all the SSH scanning that's running around the Internet.
Port knocking is some serious black magic. This is very interesting, and seems
to be ideal for me, because I only need this access for short periods (1-2
weeks) a couple times a year.
Thanks very much for the tip,
Part of the problem since 1976
Get my public key from
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972
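Port knocking as Chris describes it, simulated as an added example (not the poster's setup or any code from the list): a per-source state machine that behaves like a netfilter recent-module knock chain, with a constructed knock sequence and a constructed packet trace. The trace also exercises the caveat he mentions, that a sequence carries no freshness, which is why SSH keys or strong passwords still do the real work.

```python
"""Port-knocking gate simulation (added example, not the poster's setup).
Models a netfilter 'recent'-style knock chain: a source that hits a constructed
secret port sequence in order, within a timeout, gets port 22 opened briefly.
The trace also shows the thread's caveat: a repeated sequence reopens it."""
KNOCK_SEQUENCE = (7000, 8000, 9000)  # constructed; not a real deployment
KNOCK_WINDOW = 10.0                  # seconds allowed between knocks
OPEN_WINDOW = 30.0                   # seconds port 22 stays reachable
SSH_PORT = 22


class KnockGate:
    def __init__(self):
        # per-source state: [knocks matched so far, last knock time, open until]
        self.state = {}

    def packet(self, src, dport, now):
        """Verdict ('ACCEPT'/'DROP') for a TCP SYN from src to dport at time now."""
        st = self.state.setdefault(src, [0, 0.0, 0.0])
        if dport == SSH_PORT:
            return "ACCEPT" if now < st[2] else "DROP"
        if st[0] and now - st[1] > KNOCK_WINDOW:
            st[0] = 0                      # half-finished sequence expired
        if dport == KNOCK_SEQUENCE[st[0]]:
            st[0] += 1
            st[1] = now
            if st[0] == len(KNOCK_SEQUENCE):
                st[2] = now + OPEN_WINDOW  # full sequence: open the door
                st[0] = 0
        else:
            st[0] = 0                      # wrong port: start over
        return "DROP"                      # knock ports never answer


def run_trace(trace):
    """Run one gate over (src, dport, time) tuples and return the verdicts."""
    gate = KnockGate()
    return [gate.packet(src, dport, t) for src, dport, t in trace]


TRACE = [  # constructed: scanner 198.51.100.7, legitimate admin 203.0.113.5
    ("198.51.100.7", 22, 0.0),    # scanner: port 22 looks closed
    ("203.0.113.5", 7000, 1.0),   # admin knocks in order
    ("203.0.113.5", 8000, 2.0),
    ("203.0.113.5", 9000, 3.0),
    ("203.0.113.5", 22, 4.0),     # accepted; sshd still demands a key
    ("198.51.100.7", 22, 5.0),    # other sources are still dropped
    ("203.0.113.5", 22, 40.0),    # open window has expired
    ("203.0.113.5", 7000, 41.0),  # same sequence again reopens it (replay caveat)
    ("203.0.113.5", 8000, 42.0),
    ("203.0.113.5", 9000, 43.0),
    ("203.0.113.5", 22, 44.0),
]
```

Run `run_trace(TRACE)` to see the verdicts; the real iptables chain would additionally log the knock ports, which is the detection signal worth keeping.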