On 11/10/05, Marty <[EMAIL PROTECTED]> wrote:
> If your machines are all exposed to the internet or to an insecure
> LAN, then I don't see how you can safely use ssh at all. I would
> never attempt such a thing, so you are much braver than I.
>
> What I would do instead is limit ssh logins to a single heavily
> scrutinized, stripped and locked down, dedicated (internet) ssh server,
> which would be manually activated (maybe remotely) for each ssh
> use, and turn off all other times.

'maybe remotely' - aren't you just pushing back the problem?

Personally I'd go for one ssh gateway into the LAN locked to a limited number of users (restricted by origin IP if possible) coupled with RSA authentication and auto-lockdown after x failed connections. If you have anything that makes that look unsafe, it probably shouldn't be on the network at all.

-- 
Rasputin :: Jack of All Trades - Master of Nuns
http://number9.hellooperator.net/
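
The "auto-lockdown after x failed connections" step from the reply above, as an added example that is not part of the original message: it scans sshd log lines on the gateway and reports which origin IPs have crossed the failure threshold inside a sliding window. The threshold, window, trusted origin, function name and log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (the post only says "x failed connections").
MAX_FAILURES = 3
WINDOW = timedelta(minutes=10)
TRUSTED_ORIGINS = {"198.51.100.7"}  # hypothetical admin origin, never locked out

# Matches the usual OpenSSH "Failed <method> for <user> from <ip>" syslog line.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed (?:password|publickey) for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)

def origins_to_lock(lines, year=2005):
    """Return origins with MAX_FAILURES failures inside WINDOW, in lock order."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    locked = []
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in TRUSTED_ORIGINS or m["ip"] in locked:
            continue
        # Syslog timestamps carry no year, so one is supplied explicitly.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            locked.append(m["ip"])
    return locked

# Constructed sample log (documentation-range addresses, hypothetical host "gw").
SAMPLE_LOG = [
    "Nov 10 12:00:01 gw sshd[411]: Failed password for invalid user admin from 203.0.113.9 port 50111 ssh2",
    "Nov 10 12:00:05 gw sshd[412]: Failed password for root from 203.0.113.9 port 50112 ssh2",
    "Nov 10 12:00:09 gw sshd[413]: Failed publickey for alice from 203.0.113.9 port 50113 ssh2",
    "Nov 10 12:01:00 gw sshd[420]: Failed publickey for bob from 192.0.2.44 port 40001 ssh2",
    "Nov 10 12:02:00 gw sshd[421]: Failed publickey for alice from 198.51.100.7 port 40100 ssh2",
    "Nov 10 12:02:05 gw sshd[422]: Failed publickey for alice from 198.51.100.7 port 40101 ssh2",
    "Nov 10 12:02:09 gw sshd[423]: Failed publickey for alice from 198.51.100.7 port 40102 ssh2",
    "Nov 10 12:02:30 gw sshd[424]: Accepted publickey for alice from 198.51.100.7 port 40103 ssh2",
    "Nov 10 12:20:00 gw sshd[430]: Failed publickey for bob from 192.0.2.44 port 40002 ssh2",
    "Nov 10 12:21:00 gw sshd[431]: Failed publickey for bob from 192.0.2.44 port 40003 ssh2",
]

if __name__ == "__main__":
    print(origins_to_lock(SAMPLE_LOG))
```

The returned list is what a firewall or TCP-wrappers deny rule would be generated from; the trusted-origin set keeps a mistyped passphrase from the admin address from locking the only way in.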