[SSHd] Limiting access from authorized IP's
Eric Zimmerman
heli at mikestammer.com
Fri Apr 18 16:22:36 UTC 2008
Kurt Buff wrote:
> On Fri, Apr 18, 2008 at 8:59 AM, Matthew Seaman
> <m.seaman at infracaninophile.co.uk> wrote:
>
> At any rate, locking down ssh access is one of my concerns, for sure,
> so this discussion is helpful.
>
Wouldn't turning off password based logins and using public and private
keys (with a strong password) for ssh logins do the trick? if you limit
yourself based on IP addresses, its inevitable that you will need access
from an IP NOT on your exemption list at some time (like when you are on
vacation, at relatives, etc).
Using keys to authenticate ssh sessions has worked very well for me. if
you are concerned about the brute force attempts (which cant work
without the private key which you put a strong password on), you can use
something like denyhosts to block those hosts from even connecting.
hth
Eric
More information about the freebsd-questions
mailing list