Finding IP Addresses (OT)

pauls at utdallas.edu
Fri Aug 11 03:20:23 UTC 2006


--On August 11, 2006 9:02:14 AM +0700 Olivier Nicole <on at cs.ait.ac.th> 
wrote:

> Beno,
>
>> I'm configuring my IP filter and I need to figure out what IP addresses
>> I use (via SSH2) to contact my server.
>
> I'd advise you not to filter SSH by IP, that would be the best way to
> lock you out of your server.
>
> Even if you find all the IPs used by your ISP, you cannot predict when
> the IP range will change, and it DOES change.
>
> If you limit the IPs that can SSH to your server, you will not be able
> to login when you are traveling and some urgent administration task
> needs to be performed. And the most urgent tasks must often be
> performed when traveling...
>
You're making some assumptions that I don't think you can make.  For 
example, I have a publicly accessible server at work that does not change 
IPs.  So, even if nothing else will work, I can always get back in to my 
servers through that server.  It's a form of a bastion host.

Also, when I'm traveling, I can always get in through that server, so I 
never open up an IP from where I'm traveling.

His situation may be similar, who knows.  He may also be as paranoid as I 
am. :-)

> Set a strong password to your account (8+ characters, using upper and
> lower case letters, numbers and punctuation signs), do not allow SSH to
> the root account, enforce using sudo instead of su.
>
All excellent suggestions, which he should implement, regardless of 
whether he also chooses to restrict access by IP.

Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
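
The question quoted above was how to find which addresses one's SSH sessions come from. One way is to read them from sshd's own record of accepted logins before writing filter rules, then check them against the addresses you plan to allow (for example a fixed bastion host). This is an added example, not part of the original post; the log lines, user name, addresses and function names are constructed, and the line format assumed is OpenSSH's "Accepted <method> for <user> from <addr> port <n>".

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format OpenSSH's sshd writes to auth.log.
SAMPLE_LOG = """\
Aug 10 08:14:02 host sshd[4121]: Accepted password for beno from 192.0.2.10 port 50122 ssh2
Aug 10 09:40:17 host sshd[4188]: Failed password for root from 203.0.113.77 port 41010 ssh2
Aug 10 13:05:44 host sshd[4302]: Accepted publickey for beno from 198.51.100.23 port 61344 ssh2
Aug 11 02:31:09 host sshd[4410]: Accepted password for beno from 192.0.2.10 port 50377 ssh2
Aug 11 02:58:50 host sshd[4432]: Failed password for invalid user admin from 203.0.113.77 port 41522 ssh2
"""

# Only successful logins matter for an allowlist; failed attempts are ignored.
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def accepted_sources(log_text, user):
    """Count successful logins for `user` per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m or m.group(2) != user:
            continue
        try:
            addr = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # source logged as something other than an IP address; skip it
        counts[addr] += 1
    return counts


def outside_allowlist(counts, allowed_networks):
    """Return observed source addresses that a planned allowlist would block."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    blocked = [a for a in counts if not any(a in n for n in nets)]
    # Sort by (version, value) so mixed IPv4/IPv6 results do not raise TypeError.
    return sorted(blocked, key=lambda a: (a.version, int(a)))


if __name__ == "__main__":
    seen = accepted_sources(SAMPLE_LOG, "beno")
    for addr, n in seen.most_common():
        print(f"{addr}\t{n} accepted login(s)")
    # 192.0.2.10 stands in for a fixed-address bastion host (assumption).
    for addr in outside_allowlist(seen, ["192.0.2.10/32"]):
        print(f"would be locked out from {addr}")
```

Any address reported by `outside_allowlist` is one you have actually logged in from that the planned rule set would block, so review those before enabling the filter.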


More information about the freebsd-questions mailing list