[clug] [OT] IP range of a domain?
Robert Brockway
robert at timetraveller.org
Wed Jan 20 23:24:40 MST 2010
On Thu, 21 Jan 2010, Carlo Hamalainen wrote:
> I want to drop all incoming ssh connections to my server apart from a
> few IP addresses plus my current home ADSL. When I had Internode I was
Have you considered running a VPN between your server and your home DSL?
This sidesteps the entire problem. You can access your server over your
VPN link and don't have to worry about allowing a dynamically assigned
address through the firewall. OpenVPN would accept connections from any
address but it can use a key pair for authentication.
If you do then OpenVPN is good choice.
Other options you may like to consider:
* Blocking password access for ssh and using key auth only.
* Enabling 'fail2ban' to block brute force attacks against sshd on the
server, if you are using password auth.
Cheers,
Rob
--
Email: robert at timetraveller.org
IRC: Solver
Web: http://www.practicalsysadmin.com
I tried to change the world but they had a no-return policy
More information about the linux
mailing list