[clug] Remote Authentication for Linux

steve jenkin sjenkin at canb.auug.org.au
Wed Sep 1 07:57:14 UTC 2021


The notion of a second “recovery” SSHD on a non-standard port is good.
You could also use IP filtering rules to only accept connections from a few IP numbers, drop everything else.
	[Others on list could say how to do that]

SSH with private keys, no password authentication, is ASD/DSD certified, even for the most highly classified networks.

The Admins control the ssh private key material and only operate from physically secure devices with, optionally, aggressive security measures, e.g. Two Factor Auth
[YubiKeys do this cheaply on Linux]

I’m not sure why you’re looking for _extra_ ways to “authenticate” when you already have the most secure & easy solution already working.

> On 1 Sep 2021, at 16:05, jm via linux <linux at lists.samba.org> wrote:
> 
> This is the back up. If all goes to hell - More
> than usual. Start a second ssh server on another port which uses some
> other method of authentication, the one I've been asking questions
> about

--
Steve Jenkin, IT Systems and Design 
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA

mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
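
One way to set up the recovery daemon and IP filtering discussed in this message, as an added example that is not part of the original post. The port, file paths, the existing nftables `inet filter` table with an `input` chain, and the admin addresses (RFC 5737 documentation ranges) are all assumptions.

```shell
#!/bin/sh
# Added example: render a key-only sshd_config for a second "recovery" daemon
# and nftables rules that accept its port only from listed admin addresses.

# Succeeds only for a numeric TCP port in 1-65535 other than the standard 22.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && [ "$1" -ne 22 ]
}

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print an sshd_config for the recovery daemon: public keys only, no passwords.
render_sshd_config() {
    valid_port "$1" || { echo "refusing port: $1" >&2; return 1; }
    cat <<EOF
Port $1
PidFile /run/sshd-recovery.pid
PubkeyAuthentication yes
AuthenticationMethods publickey
PasswordAuthentication no
KbdInteractiveAuthentication no
EOF
}

# Print commands for "nft -f -": accept the port from the admin addresses,
# drop it for everyone else. Assumes the inet filter/input chain already exists.
render_nft_rules() {
    valid_port "$1" || { echo "refusing port: $1" >&2; return 1; }
    port=$1; shift
    [ "$#" -ge 1 ] || { echo "need at least one admin address" >&2; return 1; }
    elems=
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
        elems="${elems:+$elems, }$ip"
    done
    echo "add rule inet filter input tcp dport $port ip saddr { $elems } accept"
    echo "add rule inet filter input tcp dport $port drop"
}

# Usage (as root), checking the config with "sshd -t" before starting the daemon:
#   render_sshd_config 2222 > /etc/ssh/sshd_config.recovery
#   sshd -t -f /etc/ssh/sshd_config.recovery && /usr/sbin/sshd -f /etc/ssh/sshd_config.recovery
#   render_nft_rules 2222 192.0.2.10 198.51.100.7 | nft -f -
```

The rules are appended to the chain, so they only take effect if no earlier rule in `input` has already accepted or dropped the traffic.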



