[clug] secure remote access method
Steve McInerney
steve at stedee.id.au
Fri Jun 19 01:15:02 GMT 2009
On Fri, 2009-06-19 at 09:40 +1000, jm wrote:
> With the mc-root discussion I thought I'd start a thread to ask a few
> questions about secure remote access to a home server. Given that we all
> like to have remote access to our home machines so that we can tweak the
> occassional setting or such while we're not busy or something similar.
> What are some thoughts out there on how best to do this? There's the
> classic ssh and ssh with port knocking. But, as someone pointed out,
> dealing with unfriendly firewalls when your traveling can kill this
> idea, eg by blocking port 22? A lot of firewalls out there are now doing
> protocol enforcement so you can't put ssh and port 80 because it doesn't
> look like http. What other methods are out there?
when travelling or behind harsh non-22 firewalls?
sshd listen on 443; sometimes even on 23.
more secure? all other things being vaguely defaultish:
PermitRootLogin no
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
Can be useful to create a group of *only* those allowed to ssh in
remotely. YMMV.
AllowGroups sshlogin
and obviously, password protect your ssh key(s) :-)
Cheers!
- S
More information about the linux
mailing list