
Mailing List Archive
Re: [tlug] attack via ssh? (don't panic :-P)
>>>>> "Michael" == Michael Reinsch <mr@example.com> writes:

Michael> In my case I also cannot predict from which IP address I
Michael> and my users are going to log in, so static rules aren't
Michael> very helpful.

I can't either, but I can limit it to one of a half-dozen networks.
Of course, six of those are Class B or bigger, but still, there are
65536 Class B-sized blocks, so I've cut it by 99% or more. :-)

A second strategy I use is that most of my hosts permit logins only
from one host, which has _no_ personal ssh keys stored there. So I
ssh to that host with agent enabled, and then either set up a tunnel
to the host I need to work on, or ssh and temporarily open a hole in
the firewall if necessary.
--
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.
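
Added example, not part of the original message or the poster's own setup: a Python sketch of the network-allowlist idea described above, measuring how much of the IPv4 space a handful of large networks still admits and flagging sshd login attempts from outside it. The six networks, the log lines, and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed allowlist: six placeholder networks, each /16 ("Class B") or larger.
ALLOWED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "100.64.0.0/10", "172.16.0.0/12",
    "198.18.0.0/15", "192.168.0.0/16", "169.254.0.0/16",
)]

# Constructed sshd log lines (documentation-range addresses for outsiders).
SAMPLE_LOG = [
    "Mar  3 10:15:02 gw sshd[1234]: Accepted publickey for alice from 10.1.2.3 port 50022 ssh2",
    "Mar  3 10:16:40 gw sshd[1240]: Failed password for root from 203.0.113.7 port 41122 ssh2",
    "Mar  3 10:17:01 gw sshd[1241]: Failed password for invalid user admin from 198.51.100.9 port 41300 ssh2",
    "Mar  3 10:18:00 gw sshd[1250]: Accepted publickey for bob from 172.20.5.5 port 50100 ssh2",
]

LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+) port"
)

def allowed_fraction(networks):
    """Fraction of the IPv4 address space covered by the allowlist."""
    merged = ipaddress.collapse_addresses(networks)  # avoid double-counting overlaps
    return sum(n.num_addresses for n in merged) / 2**32

def is_allowed(ip, networks):
    """True if ip parses as an address inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or garbage in the log field: treat as outside
        return False
    return any(addr in n for n in networks)

def outside_allowlist(lines, networks):
    """Return (status, user, source) for login attempts from outside the allowlist."""
    hits = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if m and not is_allowed(m.group(3), networks):
            hits.append(m.groups())
    return hits

if __name__ == "__main__":
    print(f"allowlist admits {allowed_fraction(ALLOWED):.2%} of IPv4 space")
    for status, user, src in outside_allowlist(SAMPLE_LOG, ALLOWED):
        print(f"outside allowlist: {status} login for {user} from {src}")
```
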