On Tue, Mar 25, 2008 at 11:28:45AM -0700, Tim Alberts wrote: > >http://wiki.xdroop.com/space/Linux/Limited+SSH+Access > > > That sounds great for getting around a remote dynamic IP address, but > some more authentication/security on that web page is necessary, > otherwise, anyone who finds that web page is given access?
Strictly speaking, yes; however in practice, the number of bots (or,
indeed, external users who are not me) who the magic web page to hit
(my actual page is not named as the example on the web page is!)
before attacking the ssh connection is zero; therefore since the goal
was to prevent stupid robots from brute-forcing my ssh and filling my
logs, it isn't necessary.
I mean, strictly speaking you'd next have to insist on a proper SSL
connection to the web server, otherwise you are at risk of someone
sniffing the username and password used in the .htaccess process.
And then after that, you'd have to insist on some kind of security on
the remote system to ensure that your passwords are not being
captured. Etc, etc.
--
/\oo/\
/ /()\ \ David Mackintosh |
[EMAIL PROTECTED] | http://www.xdroop.com
pgpheBd6M3mv6.pgp
Description: PGP signature
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
