erikmccaskey64 <erikmccaske...@zoho.com> wrote: > Main question: is it safe, to open a port for an openssl server?
No, it's not 100% safe. One has to evaluate the risk vs requirement and act accordingly. > Is it secure? - it could be DOSed' [DenialofService] or could it be > attacked in any way? Yes, of course it can. A few hundred thousand bots hammering away at your machine will likely bring it to its knees regardless of the security you apply to the port itself - or even the service running on that port. > Are there any iptables rule for restricting connections to dyndns names? > e.g.: only allow connection from "asdfasdf.dyndns.com" and > "asdfasdf2.dyndns.com" and "asdfasdf3.dyndns.com"? No. Iptables is about IP addresses (and ports). Not names. But /etc/hosts.allow could provide a level of protection for names matching, e.g. "*.dyndns.org". > How could i restrict the openssl server to only accept traffic from > given clients? Please help me "think".. You can put allowed users into an "can-ssh" group (/etc/groups) and then apply a rule in ssh_config that only permits logins from user accounts in that group. > Or are there any "production ready" methods, that can do authentication > too? [+using ssl]. "openssl s_server" and "openssl s_client" would be > perfect, but the problem is it doesn't has username/password auth :\ I don't understand this. Ssh supports public/private key authentication, with an optional fall-back to password. If you change the fall-back you can force mandatory key authentication. Chris -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1ts148x6l9....@news.roaima.co.uk
