Best practices for securing SSH server

Daniel Underwood djuatdelta at
Tue Jun 23 01:16:37 UTC 2009

On a BSD box at work (at an extremely fast connection and static IP),
I run an SSH server.  I am the only person who uses the server, but I
use it from some locations that are behind a dynamic IP (so I can't
set pf rules to filter by IP).  I will always, however, use the same
laptop to connect to the server.  Due to the speed and location of the
connection, it's a relatively high-risk target.

What are some good practices for securing this SSH server.  Is using a
stored key safer than a password in this instance? I have no
experience with port-knocking, but I'd appreciate some tips or
suggested beginning references... I welcome any and all advice.

Note: I do require X11 forwarding (not sure whether that's relevant information)


More information about the freebsd-questions mailing list