Interesting ....
Bill Campbell
linux-sxs at celestial.com
Sun Jul 6 13:31:25 PDT 2008
On Sun, Jul 06, 2008, Ben Duncan wrote:
> True. It is also true that the wrapper setup I have requires that the IP address
> has reverse DNS lookup. Meaning that the IP has to be traced back to
> the correct Domain / IP / MAC otherwise simply spoofing the IP
> will get you denied.
That's fine until you find yourself off-site someplace like a
hotel or such, and need to get access back to your own systems.
I prefer to turn off password authentication, and only allow
authorized_keys (with proper, long pass phrases).
Regardless of the type of restrictions used, fail2ban is handy to
limit the number of log messages and denial-of-service attacks.
Another option is to use OpenVPN, and connect only to the private
LAN addresses.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186
The Income Tax has made more Liars out of American people than Golf has.
Will Rogers
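
Added example, not part of the message above: a small Python audit of sshd_config text for the key-only setup the message describes. It shows two things the one-line advice hides: sshd uses the first value it reads for each keyword, and keyboard-interactive authentication through PAM can still prompt for a password after PasswordAuthentication is turned off. The sample configs, function names and the DEFAULTS table (assumed stock upstream OpenSSH defaults) are constructed for illustration.

```python
import re
# Constructed sample config (not from the post). Note the two
# PasswordAuthentication lines: sshd keeps the first value it reads.
SAMPLE_CONFIG = """\
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
PasswordAuthentication yes
"""
HARDENED_CONFIG = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
UsePAM yes
"""
# Assumption: stock upstream OpenSSH defaults; distributions may differ.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes", "usepam": "no"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}  # older name

def effective_settings(text):
    """Global-scope values sshd would use: first occurrence wins, case-insensitive."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks follow; Include files are not followed either
        key = ALIASES.get(key, key)
        seen.setdefault(key, parts[1].strip().strip('"').lower())
    return {**DEFAULTS, **seen}

def audit(text):
    s = effective_settings(text)
    findings = []  # each finding is a reason key-only login is not in effect
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is enabled")
    if s["kbdinteractiveauthentication"] != "no" and s["usepam"] == "yes":
        findings.append("keyboard-interactive via PAM can still prompt for a password")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off, so authorized_keys is ignored")
    return findings
```
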